Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-04-15 | CVE-2022-28041 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | Debian_linux, Fedora, Stb_image\.h | 6.5 | ||
2022-04-15 | CVE-2022-28042 | stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. | Debian_linux, Fedora, Stb_image\.h | 8.8 | ||
2022-04-15 | CVE-2022-28048 | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | Fedora, Stb | 8.8 | ||
2022-04-15 | CVE-2022-1231 | XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin,... | Fedora, Plantuml | 6.1 | ||
2022-04-18 | CVE-2022-1381 | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | Macos, Fedora, Vim | 7.8 | ||
2022-04-19 | CVE-2022-25648 | The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Git | 9.8 | ||
2022-04-20 | CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | Fedora, Go, Kubernetes_monitoring_operator | 7.5 | ||
2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | Extra_packages_for_enterprise_linux, Fedora, Go | 7.5 | ||
2022-04-20 | CVE-2022-29536 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | Debian_linux, Fedora, Epiphany | 7.5 | ||
2022-04-21 | CVE-2022-1420 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. | Macos, Fedora, Vim | 5.5 |