Fedoraproject Security Vulnerabilities
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...
7.5CVSS
7AI Score
0.002EPSS
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the ma...
7.7CVSS
6.4AI Score
0.003EPSS
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and ...
7.5CVSS
9.2AI Score
0.007EPSS
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary fi...
8.8CVSS
8.7AI Score
0.001EPSS
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The att...
6.5CVSS
6.3AI Score
0.001EPSS
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Edito...
8.8CVSS
8.5AI Score
0.003EPSS
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised ...
7.5CVSS
7.2AI Score
0.005EPSS
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. /teams/:teamId will allow an authenticated attacker to view unintended data by querying for the specific team ID, /teams/:...
4.3CVSS
6AI Score
0.002EPSS
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach i...
7.5CVSS
7.4AI Score
0.004EPSS
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on ...
9.8CVSS
9.4AI Score
0.02EPSS
7.8CVSS
7.5AI Score
0.002EPSS
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
9.8CVSS
9.3AI Score
0.005EPSS
7.8CVSS
7.6AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
7.5CVSS
7.4AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
5.5CVSS
6.2AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
5.5CVSS
6.2AI Score
0.002EPSS
7.8CVSS
7.5AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
6.5CVSS
6.4AI Score
0.001EPSS
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
7.5CVSS
8.5AI Score
0.314EPSS
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
9.8CVSS
9.6AI Score
0.008EPSS
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
9.1CVSS
9.7AI Score
0.003EPSS
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
7.5CVSS
7.4AI Score
0.029EPSS
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
6.1CVSS
6.1AI Score
0.007EPSS
7.8CVSS
7.6AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
7.1CVSS
7.1AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.002EPSS
7.8CVSS
7.6AI Score
0.002EPSS
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8CVSS
8.4AI Score
0.007EPSS
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
8.8CVSS
8.9AI Score
0.005EPSS
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
10CVSS
9.5AI Score
0.007EPSS
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't ha...
7.8CVSS
7.3AI Score
0.0004EPSS
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a map...
5.5CVSS
5.4AI Score
0.0004EPSS
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time th...
4.6CVSS
4.8AI Score
0.001EPSS
7.8CVSS
7.6AI Score
0.001EPSS
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...
7.5CVSS
7.3AI Score
0.006EPSS
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
7.5CVSS
7AI Score
0.02EPSS
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
7.3CVSS
7.1AI Score
0.002EPSS
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can stea...
6.3CVSS
5.1AI Score
0.001EPSS
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
7.8CVSS
7.3AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.002EPSS
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
9.8CVSS
6.3AI Score
0.008EPSS