Fedoraproject Fedora vulnerabilities

CVE-2022-46175 [HIGH] CWE-1321 CVE-2022-46175: JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain b JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting obje

CVE-2022-43551 [HIGH] CWE-319 CVE-2022-43551: A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using H A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN char

CVE-2021-33640 [CRITICAL] CWE-416 CVE-2021-33640: After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

CVE-2022-3109 [HIGH] CWE-476 CVE-2022-3109: An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks chec An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

CVE-2022-46393 [CRITICAL] CWE-125 CVE-2022-46393: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-ba An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

CVE-2022-46392 [MEDIUM] CWE-203 CVE-2022-46392: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_

CVE-2022-4283 [HIGH] CWE-416 CVE-2022-4283: A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh

CVE-2022-46344 [HIGH] CWE-125 CVE-2022-46344: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangePr A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution

CVE-2022-46342 [HIGH] CWE-416 CVE-2022-46342: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelect A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

CVE-2022-46341 [HIGH] CWE-787 CVE-2022-46341: A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveU A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVE-2022-2601 [HIGH] CWE-122 CVE-2022-2601: A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure bo

CVE-2022-46343 [HIGH] CWE-416 CVE-2022-46343: A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSave A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVE-2022-46340 [HIGH] CWE-787 CVE-2022-46340: A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTest A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running p

CVE-2022-4223 [HIGH] CWE-94 CVE-2022-4223: The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user sele The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthent

CVE-2022-4170 [CRITICAL] CWE-74 CVE-2022-4170: The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

CVE-2022-4122 [MEDIUM] CWE-59 CVE-2022-4122: A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

CVE-2022-41717 [MEDIUM] CWE-770 CVE-2022-41717: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 serve An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

CVE-2022-4123 [LOW] CWE-23 CVE-2022-4123: A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to inco A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.

CVE-2022-24439 [CRITICAL] CWE-20 CVE-2022-24439: All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments

CVE-2022-46391 [MEDIUM] CWE-79 CVE-2022-46391: AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhoi AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.