Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2855 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2854 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2853 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2852 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2850 | 4 Debian, Fedoraproject, Port389 and 1 more | 5 Debian Linux, Fedora, 389-ds-base and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | |||||
| CVE-2022-2849 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | |||||
| CVE-2022-2845 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | |||||
| CVE-2022-2819 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | |||||
| CVE-2022-2817 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0213. | |||||
| CVE-2022-2816 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | N/A | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | |||||
| CVE-2022-2795 | 3 Debian, Fedoraproject, Isc | 3 Debian Linux, Fedora, Bind | 2024-11-21 | N/A | 5.3 MEDIUM |
| By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | |||||
| CVE-2022-2719 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2024-11-21 | N/A | 5.5 MEDIUM |
| In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. | |||||
| CVE-2022-2625 | 3 Fedoraproject, Postgresql, Redhat | 3 Fedora, Postgresql, Enterprise Linux | 2024-11-21 | N/A | 8.0 HIGH |
| A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. | |||||
| CVE-2022-2624 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2022-2623 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2622 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | |||||
| CVE-2022-2621 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2620 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | |||||
| CVE-2022-2618 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . | |||||