Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2022-46149 | MEDIUM | CVSS 5.4 | v36, v37 | 2022-11-30
CWE-125: Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to rem
nvd
CVE-2022-4172 | MEDIUM | CVSS 6.5 | v37 | 2022-11-29
CWE-120: Integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on t
nvd
CVE-2022-4144 | MEDIUM | CVSS 6.5 | v37 | 2022-11-29
CWE-125: An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing
nvd
CVE-2022-45939 | HIGH | CVSS 7.8 | v36, v37 | 2022-11-28
CWE-78: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working
nvd
CVE-2022-4129 | MEDIUM | CVSS 5.5 | v35, v36, +1 more | 2022-11-28
CWE-667: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
nvd
CVE-2022-45934 | HIGH | CVSS 7.8 | v37 | 2022-11-27
CWE-190: An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
nvd
CVE-2022-45152 | CRITICAL | CVSS 9.1 | v35, v36, +1 more | 2022-11-25
CWE-918: A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application
nvd
CVE-2022-4141 | HIGH | CVSS 7.8 | v36, v37 | 2022-11-25
CWE-122: Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
nvd
CVE-2022-39346 | MEDIUM | CVSS 6.5 | v35, v36, +1 more | 2022-11-25
CWE-20: Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workaround
nvd
CVE-2022-44789 | HIGH | CVSS 8.8 | v37 | 2022-11-23
CWE-787: A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
nvd
CVE-2022-45149 | MEDIUM | CVSS 5.4 | v35, v36, +1 more | 2022-11-23
CWE-352: A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actio
nvd
CVE-2022-45151 | MEDIUM | CVSS 5.4 | v35, v36, +1 more | 2022-11-23
CWE-79: The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
nvd
CVE-2022-45873 | MEDIUM | CVSS 5.5 | v36 | 2022-11-23
CWE-400: systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested directory to make its backtrace large enough to caus
nvd
CVE-2022-45150 | MEDIUM | CVSS 6.1 | v35, v36, +1 more | 2022-11-23
CWE-79: A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may al
nvd
CVE-2022-45866 | MEDIUM | CVSS 5.3 | v35, v36, +1 more | 2022-11-23
CWE-22: qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
nvd
CVE-2022-36227 | CRITICAL | CVSS 9.8 | v37 | 2022-11-22
CWE-476: In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is e
nvd
CVE-2022-3500 | MEDIUM | CVSS 5.1 | v35, v36, +1 more | 2022-11-22
CWE-248: A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.
nvd
CVE-2021-33621 | HIGH | CVSS 8.8 | v35, v36, +1 more | 2022-11-18
CWE-74: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
nvd
CVE-2022-41877 | MEDIUM | CVSS 4.6 | v36, v37 | 2022-11-16
CWE-119: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users un
nvd
CVE-2022-39318 | MEDIUM | CVSS 5.7 | v36, v37 | 2022-11-16
CWE-20: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `
nvd