Fedoraproject Fedora vulnerabilities

CVE-2022-41674 [HIGH] CWE-787 CVE-2022-41674: An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames cou An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

CVE-2022-42721 [MEDIUM] CWE-835 CVE-2022-42721: A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x b A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

CVE-2022-2850 [MEDIUM] CVE-2022-2850: A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticate A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

CVE-2022-42722 [MEDIUM] CWE-476 CVE-2022-42722: In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames in In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

CVE-2022-42719 [HIGH] CWE-416 CVE-2022-42719: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 th A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

CVE-2022-39282 [HIGH] CWE-908 CVE-2022-39282: FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to

CVE-2022-39283 [HIGH] CWE-125 CVE-2022-39283: FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/v

CVE-2022-3171 [HIGH] CWE-20 CVE-2022-3171: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3. A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in pot

CVE-2022-3140 [MEDIUM] CWE-20 CVE-2022-3140: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePo LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or

CVE-2022-33748 [MEDIUM] CWE-755 CVE-2022-33748: lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectivel

CVE-2022-33746 [MEDIUM] CWE-404 CVE-2022-33746: P2M pool freeing may take excessively long The P2M pool backing second level address translation for P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.

CVE-2022-33747 [LOW] CWE-404 CVE-2022-33747: Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pa Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These mem

CVE-2022-42011 [MEDIUM] CWE-129 CVE-2022-42011: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.

CVE-2022-42012 [MEDIUM] CWE-20 CVE-2022-42012: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

CVE-2022-42010 [MEDIUM] CWE-347 CVE-2022-42010: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.

CVE-2022-3435 [MEDIUM] CWE-119 CVE-2022-3435: A vulnerability classified as problematic has been found in Linux Kernel. This affects the function A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357

CVE-2022-3275 [CRITICAL] CWE-78 CVE-2022-3275: Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

CVE-2022-2929 [MEDIUM] CWE-770 CVE-2022-2929: In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP serve In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

CVE-2022-2928 [MEDIUM] CWE-476 CVE-2022-2928: In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_has In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease que

CVE-2022-41556 [HIGH] CWE-401 CVE-2022-41556: A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.