Fedoraproject Fedora vulnerabilities

CVE-2022-42319 [MEDIUM] CWE-401 CVE-2022-42319: Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a gues Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the req

CVE-2022-42824 [MEDIUM] CVE-2022-42824: A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS A logic issue was addressed with improved state management. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose sensitive user information.

CVE-2022-42322 [MEDIUM] CWE-401 CVE-2022-42322: Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record rela Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working tog

CVE-2022-42324 [MEDIUM] CWE-681 CVE-2022-42324: Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precis Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusio

CVE-2022-42314 [MEDIUM] CWE-770 CVE-2022-42314: Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multipl Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how gues

CVE-2022-42323 [MEDIUM] CWE-401 CVE-2022-42323: Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record rela Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working tog

CVE-2022-42326 [MEDIUM] CWE-401 CVE-2022-42326: Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As t

CVE-2022-42310 [MEDIUM] CWE-459 CVE-2022-42310: Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent

CVE-2022-40617 [HIGH] CWE-400 CVE-2022-40617: strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugi strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or

CVE-2022-44020 [MEDIUM] CWE-281 CVE-2022-44020: An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changi An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

CVE-2022-42915 [HIGH] CWE-415 CVE-2022-42915: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to spe

CVE-2022-41973 [HIGH] CWE-59 CVE-2022-41973: multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploi multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly f

CVE-2022-41974 [HIGH] CVE-2022-41974: multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploi multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a ke

CVE-2022-42916 [HIGH] CWE-319 CVE-2022-42916: In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using it In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replac

CVE-2022-3725 [HIGH] CWE-787 CVE-2022-3725: Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

CVE-2022-39286 [HIGH] CWE-250 CVE-2022-39286: Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this is

CVE-2022-3705 [HIGH] CWE-119 CVE-2022-3705: A vulnerability was found in vim and classified as problematic. Affected by this issue is the functi A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86

CVE-2021-46848 [CRITICAL] CWE-193 CVE-2021-46848: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simp GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

CVE-2022-43680 [HIGH] CWE-416 CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

CVE-2022-37454 [CRITICAL] CWE-190 CVE-2022-37454: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.