Total
5364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4141 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-11-03 | N/A | 7.8 HIGH |
|
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
|
|||||
| CVE-2022-41877 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 4.6 MEDIUM |
|
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`.
|
|||||
| CVE-2022-3324 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | N/A | 7.8 HIGH |
|
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
|
|||||
| CVE-2022-3099 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | N/A | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
|
|||||
| CVE-2022-39347 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 2.6 LOW |
|
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.
|
|||||
| CVE-2022-39320 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 5.5 MEDIUM |
|
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
|
|||||
| CVE-2022-39319 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 4.6 MEDIUM |
|
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
|
|||||
| CVE-2022-39318 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 4.8 MEDIUM |
|
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
|
|||||
| CVE-2022-39316 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 4.8 MEDIUM |
|
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.
|
|||||
| CVE-2022-39283 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 5.9 MEDIUM |
|
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.
|
|||||
| CVE-2022-39282 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | N/A | 3.5 LOW |
|
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.
|
|||||
| CVE-2022-2850 | 4 Debian, Fedoraproject, Port389 and 1 more | 5 Debian Linux, Fedora, 389-ds-base and 2 more | 2025-11-03 | N/A | 6.5 MEDIUM |
|
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
|
|||||
| CVE-2022-2304 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
|
|||||
| CVE-2022-2129 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-2000 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-24883 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | 6.8 MEDIUM | 7.4 HIGH |
|
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the ...
Show More |
|||||
| CVE-2022-24882 | 2 Fedoraproject, Freerdp | 3 Extra Packages For Enterprise Linux, Fedora, Freerdp | 2025-11-03 | 5.0 MEDIUM | 9.1 CRITICAL |
|
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
|
|||||
| CVE-2022-1942 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-1897 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-1616 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
|
|||||
| CVE-2022-0996 | 2 Fedoraproject, Redhat | 3 Fedora, 389 Directory Server, Enterprise Linux | 2025-11-03 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
|
|||||
| CVE-2022-0572 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0547 | 3 Debian, Fedoraproject, Openvpn | 3 Debian Linux, Fedora, Openvpn | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
|
|||||
| CVE-2022-0417 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0367 | 3 Debian, Fedoraproject, Libmodbus | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2025-11-03 | N/A | 7.8 HIGH |
|
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
|
|||||
| CVE-2021-4187 | 3 Apple, Fedoraproject, Vim | 4 Mac Os X, Macos, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
vim is vulnerable to Use After Free
|
|||||
| CVE-2021-4173 | 3 Apple, Fedoraproject, Vim | 4 Mac Os X, Macos, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
vim is vulnerable to Use After Free
|
|||||
| CVE-2021-4019 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
vim is vulnerable to Heap-based Buffer Overflow
|
|||||
| CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
|
|||||
| CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
|
|||||
| CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
|
|||||
| CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
|
|||||
| CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
|
|||||
| CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
|
|||||
| CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
|
|||||
| CVE-2021-42378 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
|
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
|
|||||
| CVE-2021-42374 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2025-11-03 | 3.3 LOW | 5.3 MEDIUM |
|
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
|
|||||
| CVE-2021-41160 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2025-11-03 | 6.8 MEDIUM | 5.3 MEDIUM |
|
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not ...
Show More |
|||||
| CVE-2021-3872 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
|
vim is vulnerable to Heap-based Buffer Overflow
|
|||||
| CVE-2021-3621 | 2 Fedoraproject, Redhat | 8 Fedora, Sssd, Enterprise Linux and 5 more | 2025-11-03 | 9.3 HIGH | 8.8 HIGH |
|
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
|||||