Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fedora
(Fedoraproject)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-02 | CVE-2022-39170 | libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | Fedora, Libdwarf | 8.8 | ||
| 2022-09-03 | CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | Debian_linux, Fedora, Vim | 7.8 | ||
| 2022-09-05 | CVE-2022-39831 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230. | Fedora, Pspp | 7.8 | ||
| 2022-09-05 | CVE-2022-39832 | An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | Fedora, Pspp | 7.8 | ||
| 2022-09-05 | CVE-2022-3123 | Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. | Dokuwiki, Fedora | 6.1 | ||
| 2022-09-06 | CVE-2022-27664 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | Fedora, Go | 7.5 | ||
| 2022-09-09 | CVE-2022-25765 | The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. | Fedora, Pdfkit | 9.8 | ||
| 2022-09-09 | CVE-2022-36109 | Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This... | Fedora, Moby | 6.3 | ||
| 2022-09-09 | CVE-2022-36087 | OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. | Fedora, Oauthlib | 6.5 | ||
| 2022-09-09 | CVE-2022-40320 | cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | Fedora, Libconfuse | 8.8 |