Total
5364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0670 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
|
|||||
| CVE-2022-0629 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0613 | 2 Fedoraproject, Uri.js Project | 2 Fedora, Uri.js | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
|
|||||
| CVE-2022-0571 | 2 Fedoraproject, Phoronix-media | 3 Extra Packages For Enterprise Linux, Fedora, Phoronix Test Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
|
|||||
| CVE-2022-0562 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
|
|||||
| CVE-2022-0561 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
|
|||||
| CVE-2022-0559 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
|
|||||
| CVE-2022-0554 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0546 | 3 Blender, Debian, Fedoraproject | 4 Blender, Debian Linux, Extra Packages For Enterprise Linux and 1 more | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
|
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
|
|||||
| CVE-2022-0530 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
|
|||||
| CVE-2022-0529 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
|
|||||
| CVE-2022-0523 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
|
|||||
| CVE-2022-0522 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.
|
|||||
| CVE-2022-0521 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
|
|||||
| CVE-2022-0520 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in NPM radare2.js prior to 5.6.2.
|
|||||
| CVE-2022-0519 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
|
|||||
| CVE-2022-0518 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
|
|||||
| CVE-2022-0516 | 5 Debian, Fedoraproject, Linux and 2 more | 31 Debian Linux, Fedora, Linux Kernel and 28 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
|
|||||
| CVE-2022-0500 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
|
|||||
| CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 30 Ubuntu Linux, Debian Linux, Fedora and 27 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
|
|||||
| CVE-2022-0476 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
|
|||||
| CVE-2022-0443 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0435 | 5 Fedoraproject, Linux, Netapp and 2 more | 37 Fedora, Linux Kernel, H300e and 34 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
|
|||||
| CVE-2022-0433 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.
|
|||||
| CVE-2022-0419 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
|
|||||
| CVE-2022-0413 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Use After Free in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0408 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0396 | 4 Fedoraproject, Isc, Netapp and 1 more | 19 Fedora, Bind, H300e and 16 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
|
|||||
| CVE-2022-0393 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
|
|||||
| CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | N/A | 8.8 HIGH |
|
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing ...
Show More |
|||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 46 Fedora, Linux Kernel, H300e and 43 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
|
|||||
| CVE-2022-0322 | 3 Fedoraproject, Linux, Oracle | 5 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
|
|||||
| CVE-2022-0238 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
|
|||||
| CVE-2022-0216 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | N/A | 4.4 MEDIUM |
|
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.
|
|||||
| CVE-2022-0197 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
|
|||||
| CVE-2022-0196 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
|
|||||
| CVE-2022-0173 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
radare2 is vulnerable to Out-of-bounds Read
|
|||||
| CVE-2022-0158 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
vim is vulnerable to Heap-based Buffer Overflow
|
|||||
| CVE-2022-0157 | 2 Fedoraproject, Phoronix-media | 2 Fedora, Phoronix Test Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2022-0156 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
vim is vulnerable to Use After Free
|
|||||