Total
4367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3778 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 1 more | 2023-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3796 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 1 more | 2023-01-11 | 6.8 MEDIUM | 7.3 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-41073 | 4 Debian, Fedoraproject, Linux and 1 more | 21 Debian Linux, Fedora, Linux Kernel and 18 more | 2023-01-11 | 7.2 HIGH | 7.8 HIGH |
| loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | |||||
| CVE-2022-4141 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2023-01-10 | N/A | 7.8 HIGH |
| Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | |||||
| CVE-2022-43551 | 2 Fedoraproject, Haxx | 2 Fedora, Curl | 2023-01-10 | N/A | 7.5 HIGH |
| A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | |||||
| CVE-2022-35019 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 was discovered to contain a segmentation fault. | |||||
| CVE-2022-35018 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 was discovered to contain a segmentation fault. | |||||
| CVE-2022-35020 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | |||||
| CVE-2022-35015 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | |||||
| CVE-2022-35017 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | |||||
| CVE-2022-35016 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | |||||
| CVE-2022-35014 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2023-01-09 | N/A | 5.5 MEDIUM |
| Advancecomp v2.3 contains a segmentation fault. | |||||
| CVE-2022-37434 | 5 Apple, Debian, Fedoraproject and 2 more | 20 Ipados, Iphone Os, Macos and 17 more | 2023-01-09 | N/A | 9.8 CRITICAL |
| zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | |||||
| CVE-2021-30887 | 3 Apple, Debian, Fedoraproject | 7 Ipados, Iphone Os, Macos and 4 more | 2023-01-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. | |||||
| CVE-2020-9983 | 2 Apple, Fedoraproject | 8 Icloud, Ipados, Iphone Os and 5 more | 2023-01-09 | 6.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. | |||||
| CVE-2019-20044 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Ipados, Iphone Os, Mac Os X and 7 more | 2023-01-09 | 7.2 HIGH | 7.8 HIGH |
| In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | |||||
| CVE-2021-30890 | 3 Apple, Debian, Fedoraproject | 7 Ipados, Iphone Os, Macos and 4 more | 2023-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2020-11760 | 6 Apple, Canonical, Debian and 3 more | 12 Icloud, Ipados, Iphone Os and 9 more | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. | |||||
| CVE-2020-11759 | 5 Apple, Canonical, Debian and 2 more | 11 Icloud, Ipados, Iphone Os and 8 more | 2023-01-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. | |||||
| CVE-2020-27918 | 4 Apple, Debian, Fedoraproject and 1 more | 11 Icloud, Ipados, Iphone Os and 8 more | 2023-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||