Fedoraproject Fedora vulnerabilities

CVE-2022-42333 [HIGH] CWE-770 CVE-2022-42333: x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not expose

CVE-2022-42331 [MEDIUM] CVE-2022-42331: x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectr x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.

CVE-2022-42334 [MEDIUM] CVE-2022-42334: x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to t

CVE-2023-1264 [MEDIUM] CWE-476 CVE-2023-1264: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.

CVE-2022-4904 [HIGH] CWE-20 CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity o A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.

CVE-2021-20251 [MEDIUM] CWE-362 CVE-2021-20251: A flaw was found in samba. A race condition in the password lockout code may lead to the risk of bru A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.

CVE-2022-4645 [MEDIUM] CWE-125 CVE-2022-4645: LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.

CVE-2022-41862 [LOW] CWE-200 CVE-2022-41862: In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establi In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

CVE-2023-25358 [HIGH] CWE-416 CVE-2023-25358: A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows a A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.

CVE-2023-1127 [HIGH] CWE-369 CVE-2023-1127: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

CVE-2023-27320 [HIGH] CWE-415 CVE-2023-27320: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

CVE-2022-41727 [MEDIUM] CWE-770 CVE-2022-41727: An attacker can craft a malformed TIFF image which will consume a significant amount of memory when An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CVE-2023-1055 [MEDIUM] CWE-200 CVE-2023-1055: A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPasswor A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat fro

CVE-2023-23916 [MEDIUM] CWE-770 CVE-2023-23916: An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemente

CVE-2023-26081 [HIGH] CWE-668 CVE-2023-26081: In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating pa In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

CVE-2023-24329 [HIGH] CWE-20 CVE-2023-24329: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisti An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

CVE-2023-0361 [HIGH] CWE-203 CVE-2023-0361: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Th A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the

CVE-2023-0003 [MEDIUM] CWE-73 CVE-2023-0003: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an au A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.

CVE-2022-46663 [HIGH] CVE-2022-46663: In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sen In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.

CVE-2023-25193 [HIGH] CWE-770 CVE-2023-25193: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via con hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.