Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fedoraproject vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
Rxvt-unicode Project Rxvt-unicode 9.25
Rxvt-unicode Project Rxvt-unicode 9.26
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes ex...
Gitpython Project Gitpython
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
2 Github repositories
9.8
CVSSv3
CVE-2022-36227
In libarchive prior to 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties di...
Libarchive Libarchive
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
9.8
CVSSv3
CVE-2022-45063
xterm prior to 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
Invisible-island Xterm
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-45062
In Xfce xfce4-settings prior to 4.16.4 and 4.17.x prior to 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
Xfce Xfce4-settings
Xfce Xfce4-settings 4.17.0
Debian Debian Linux 11.0
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-42920
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controlla...
Apache Commons Bcel
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
9.8
CVSSv3
CVE-2022-39379
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated malicious users to execute arbitrary code via specia...
Fluentd Fluentd
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows malicious users to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
Extended Keccak Code Package Project Extended Keccak Code Package -
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Php Php
Python Python
Sha3 Project Sha3
Pysha3 Project Pysha3
Pypy Pypy
1 Github repository
9.8
CVSSv3
CVE-2022-3620
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f...
Exim Exim 2022-10-18
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Puppet Puppetlabs-mysql
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »