Fedoraproject Fedora vulnerabilities

CVE-2022-39347 [MEDIUM] CWE-22 CVE-2022-39347: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are miss FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. User

CVE-2022-39319 [MEDIUM] CWE-125 CVE-2022-39319: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are miss FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Use

CVE-2022-39320 [MEDIUM] CWE-125 CVE-2022-39320: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may atte FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in

CVE-2022-39316 [MEDIUM] CWE-125 CVE-2022-39316: FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to

CVE-2022-39317 [MEDIUM] CWE-125 CVE-2022-39317: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are miss FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue

CVE-2022-37290 [MEDIUM] CWE-476 CVE-2022-37290: GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a paste GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive.

CVE-2022-45188 [HIGH] CWE-787 CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution vi Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

CVE-2022-41854 [MEDIUM] CWE-121 CVE-2022-41854: Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks ( Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

CVE-2022-45063 [CRITICAL] CWE-77 CVE-2022-45063: xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl- xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

CVE-2022-45062 [CRITICAL] CWE-88 CVE-2022-45062: In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulner In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

CVE-2022-45061 [HIGH] CWE-407 CVE-2022-45061: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one pa An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a

CVE-2022-45059 [HIGH] CWE-444 CVE-2022-45059: An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smugglin An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.

CVE-2022-37966 [HIGH] CVE-2022-37966: Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

CVE-2022-37967 [HIGH] CVE-2022-37967: Windows Kerberos Elevation of Privilege Vulnerability Windows Kerberos Elevation of Privilege Vulnerability

CVE-2022-45060 [HIGH] CWE-20 CVE-2022-45060: An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn,

CVE-2022-23824 [MEDIUM] CVE-2022-23824: IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leadi IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

CVE-2022-39377 [HIGH] CWE-120 CVE-2022-39377: sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in v sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated f

CVE-2022-3821 [MEDIUM] CWE-193 CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.

CVE-2022-42920 [CRITICAL] CWE-787 CVE-2022-42920: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class char Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the res

CVE-2022-42919 [HIGH] CWE-502 CVE-2022-42919: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any