Filtered by vendor Fedoraproject Subscriptions
Filtered by product Fedora Subscriptions
Total 5205 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-2613 2 Fedoraproject, Google 3 Fedora, Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2612 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2022-2611 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-2610 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2609 2 Fedoraproject, Google 3 Fedora, Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2608 2 Fedoraproject, Google 3 Fedora, Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2607 2 Fedoraproject, Google 3 Fedora, Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2606 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2605 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2604 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2603 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2601 3 Fedoraproject, Gnu, Redhat 13 Fedora, Grub2, Enterprise Linux and 10 more 2024-11-21 8.6 High
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
CVE-2022-2553 4 Clusterlabs, Debian, Fedoraproject and 1 more 5 Booth, Debian Linux, Fedora and 2 more 2024-11-21 6.5 Medium
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
CVE-2022-2509 4 Debian, Fedoraproject, Gnu and 1 more 4 Debian Linux, Fedora, Gnutls and 1 more 2024-11-21 7.5 High
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
CVE-2022-2476 2 Fedoraproject, Wavpack 2 Fedora, Wavpack 2024-11-21 5.5 Medium
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING
CVE-2022-2345 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2344 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2343 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2309 4 Fedoraproject, Lxml, Redhat and 1 more 4 Fedora, Lxml, Enterprise Linux and 1 more 2024-11-21 7.5 High
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
CVE-2022-2304 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.