Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-28919 Cross-site Scripting vulnerability in multiple products
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
network
low complexity
dokuwiki fedoraproject CWE-79
6.1
6.1
2022-05-12 CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938.
local
low complexity
vim fedoraproject apple
5.5
5.5
2022-05-11 CVE-2022-1622 Out-of-bounds Read vulnerability in multiple products
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff fedoraproject netapp apple CWE-125
5.5
5.5
2022-05-11 CVE-2022-1623 Out-of-bounds Read vulnerability in multiple products
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
libtiff fedoraproject netapp debian CWE-125
5.5
5.5
2022-05-10 CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919.
local
low complexity
vim debian fedoraproject apple
7.8
7.8
2022-05-10 CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925.
local
low complexity
vim fedoraproject apple
7.8
7.8
2022-05-08 CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901.
network
low complexity
vim fedoraproject apple
7.5
7.5
2022-05-08 CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899.
local
low complexity
vim fedoraproject debian netapp apple
7.8
7.8
2022-05-07 CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895.
local
low complexity
vim fedoraproject debian apple
7.8
7.8
2022-05-06 CVE-2022-1053 Improper Input Validation vulnerability in multiple products
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote.
network
low complexity
keylime fedoraproject CWE-20
critical
 9.1
9.1