Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 61 of 264
CVE-2022-2867 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-08-17
CWE-191: libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
nvd
CVE-2020-14394 | LOW | CVSS 3.2 | v33, v37 | 2022-08-17
CWE-835: An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
nvd
CVE-2022-2819 | HIGH | CVSS 7.8 | v35 | 2022-08-15
CWE-122: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
nvd
CVE-2022-2817 | HIGH | CVSS 7.8 | v35 | 2022-08-15
CWE-416: Use After Free in GitHub repository vim/vim prior to 9.0.0213.
nvd
CVE-2022-38223 | HIGH | CVSS 7.8 | v36, v37 | 2022-08-15
CWE-787: There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
nvd
CVE-2022-2816 | HIGH | CVSS 7.8 | v35 | 2022-08-15
CWE-125: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
nvd
CVE-2022-2603 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-416: Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2606 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-416: Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2620 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-665: Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2604 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-416: Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2621 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-416: Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2617 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-362: Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2609 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-362: Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2607 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-362: Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2613 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-416: Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2608 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-362: Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2623 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-362: Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
nvd
CVE-2022-2624 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-787: Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
nvd
CVE-2022-2614 | HIGH | CVSS 8.8 | v37 | 2022-08-12
CWE-416: Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2022-2610 | MEDIUM | CVSS 6.5 | v37 | 2022-08-12
CWE-668: Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd