Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2023-25136 | MEDIUM | CVSS 6.5 | CWE-415 | Exploited | v37, v38 | 2023-02-03
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoret
nvd
CVE-2022-3560 | MEDIUM | CVSS 5.5 | CWE-22 | v36, v37 | 2023-02-02
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain acces
nvd
CVE-2022-48303 | MEDIUM | CVSS 5.5 | CWE-125 | v37, v38 | 2023-01-30
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.
nvd
CVE-2022-4285 | MEDIUM | CVSS 5.5 | v37 | 2023-01-27
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
nvd
CVE-2022-47021 | HIGH | CVSS 7.8 | CWE-476 | v36, v37 | 2023-01-20
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 through 0.12 that allows attackers to cause denial of service or other unspecified impacts.
nvd
CVE-2023-22809 | HIGH | CVSS 7.8 | CWE-269 | PoC | v36, v37 | 2023-01-18
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem e
nvd
CVE-2022-47318 | HIGH | CVSS 8.0 | v37 | 2023-01-17
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648.
nvd
CVE-2023-22298 | MEDIUM | CVSS 6.1 | CWE-601 | v36 | 2023-01-17
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
nvd
CVE-2018-14628 | MEDIUM | CVSS 4.3 | CWE-862 | v37 | 2023-01-17
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
nvd
CVE-2023-23589 | MEDIUM | CVSS 6.5 | CWE-693 | v36, v37 | 2023-01-14
The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
nvd
CVE-2022-3592 | MEDIUM | CVSS 6.5 | CWE-61 | v36, v37 | 2023-01-12
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and ga
nvd
CVE-2023-23457 | MEDIUM | CVSS 5.5 | CWE-119 | v36, v37 | 2023-01-12
A segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file can trigger an invalid memory address access that could lead to a denial of service.
nvd
CVE-2023-23456 | MEDIUM | CVSS 5.5 | CWE-787 | v36, v37 | 2023-01-12
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in the p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.
nvd
CVE-2022-47927 | MEDIUM | CVSS 5.5 | CWE-732 | v37 | 2023-01-12
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.
nvd
CVE-2022-3437 | MEDIUM | CVSS 6.5 | CWE-122 | v36, v37 | 2023-01-12
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote
nvd
CVE-2023-22945 | MEDIUM | CVSS 4.3 | CWE-863 | v37 | 2023-01-11
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
nvd
CVE-2022-4379 | HIGH | CVSS 7.5 | CWE-416 | v36, v37 | 2023-01-10
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
nvd
CVE-2023-22911 | MEDIUM | CVSS 6.1 | CWE-79 | v37 | 2023-01-10
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.
nvd
CVE-2023-22909 | MEDIUM | CVSS 5.3 | v37 | 2023-01-10
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.
nvd
CVE-2023-0049 | HIGH | CVSS 7.8 | CWE-125 | v36, v37 | 2023-01-04
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
nvd