Total
4367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2022-12-08 | N/A | 7.5 HIGH |
| In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | |||||
| CVE-2022-29221 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. | |||||
| CVE-2022-3278 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-12-08 | N/A | 5.5 MEDIUM |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | |||||
| CVE-2022-3297 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-12-08 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0579. | |||||
| CVE-2022-3296 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-12-08 | N/A | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | |||||
| CVE-2022-24728 | 4 Ckeditor, Drupal, Fedoraproject and 1 more | 9 Ckeditor, Drupal, Fedora and 6 more | 2022-12-08 | 3.5 LOW | 5.4 MEDIUM |
| CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | |||||
| CVE-2022-24729 | 4 Ckeditor, Drupal, Fedoraproject and 1 more | 9 Ckeditor, Drupal, Fedora and 6 more | 2022-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. | |||||
| CVE-2021-29454 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. | |||||
| CVE-2021-21408 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. | |||||
| CVE-2021-45451 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2022-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | |||||
| CVE-2019-16167 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-12-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | |||||
| CVE-2019-20446 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-12-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | |||||
| CVE-2021-41164 | 4 Ckeditor, Drupal, Fedoraproject and 1 more | 10 Ckeditor, Drupal, Fedora and 7 more | 2022-12-08 | 3.5 LOW | 5.4 MEDIUM |
| CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. | |||||
| CVE-2022-1851 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-1898 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-1616 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | |||||
| CVE-2022-3234 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2022-12-08 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | |||||
| CVE-2022-2285 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2946 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2022-12-08 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0246. | |||||
| CVE-2022-1720 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2022-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | |||||