Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2022-40284 | HIGH | CVSS 7.8 | CWE-120 | v35, v36, +1 more | 2022-11-06
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
nvd
CVE-2022-44638 | HIGH | CVSS 8.8 | CWE-190 | v35, v36, +1 more | 2022-11-03
In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
nvd
CVE-2022-39379 | CRITICAL | CVSS 9.8 | CWE-502 | v37 | 2022-11-02
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environm
nvd
CVE-2022-42823 | HIGH | CVSS 8.8 | CWE-843 | v35, v36, +1 more | 2022-11-01
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2022-42320 | HIGH | CVSS 7.0 | CWE-459 | v35, v36, +1 more | 2022-11-01
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. Ther
nvd
CVE-2022-39369 | HIGH | CVSS 8.0 | CWE-99 | v35, v36, +1 more | 2022-11-01
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the sa
nvd
CVE-2022-3602 | HIGH | CVSS 7.5 | CWE-787 | v36, v37, +2 more | 2022-11-01
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted
nvd
CVE-2022-42309 | HIGH | CVSS 8.8 | CWE-763 | v35, v36, +1 more | 2022-11-01
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value
nvd
CVE-2022-3786 | HIGH | CVSS 7.5 | CWE-120 | v36, v37 | 2022-11-01
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted iss
nvd
CVE-2022-42327 | HIGH | CVSS 7.1 | CWE-284 | v36, v37 | 2022-11-01
x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.
nvd
CVE-2022-42316 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd
CVE-2022-42317 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd
CVE-2022-42325 | MEDIUM | CVSS 5.5 | CWE-401 | v35, v36, +1 more | 2022-11-01
Xenstore: Guests can create arbitrary number of nodes via transactions [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As t
nvd
CVE-2022-42312 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd
CVE-2022-42311 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd
CVE-2022-42799 | MEDIUM | CVSS 6.1 | CWE-1021 | v35, v36, +1 more | 2022-11-01
The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing.
nvd
CVE-2022-42321 | MEDIUM | CVSS 6.5 | CWE-674 | v35, v36, +1 more | 2022-11-01
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.
nvd
CVE-2022-42315 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd
CVE-2022-42313 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd
CVE-2022-42318 | MEDIUM | CVSS 6.5 | CWE-770 | v35, v36, +1 more | 2022-11-01
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues
nvd