Fedoraproject Fedora vulnerabilities

CVE-2022-37451 [HIGH] CWE-763 CVE-2022-37451: Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not u Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

CVE-2022-37434 [CRITICAL] CWE-787 CVE-2022-37434: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

CVE-2022-1158 [HIGH] CWE-416 CVE-2022-1158: A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as t A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of servic

CVE-2022-1973 [HIGH] CWE-416 CVE-2022-1973: A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS jo A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.

CVE-2022-31197 [HIGH] CWE-89 CVE-2022-31197: PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database u PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to S

CVE-2022-29154 [HIGH] CWE-20 CVE-2022-29154: An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrar An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can

CVE-2022-2509 [HIGH] CWE-415 CVE-2022-2509: A vulnerability found in gnutls. This security flaw happens because of a double free error occurs du A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

CVE-2022-35922 [HIGH] CWE-400 CVE-2022-35922: Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrust Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from

CVE-2022-30698 [MEDIUM] CWE-613 CVE-2022-30698: NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost d NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. Th

CVE-2022-30699 [MEDIUM] CWE-613 CVE-2022-30699: NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation

CVE-2022-34526 [MEDIUM] CWE-787 CVE-2022-34526: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerabili A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities.

CVE-2021-41556 [CRITICAL] CWE-125 CVE-2021-41556: sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions h

CVE-2022-2010 [CRITICAL] CWE-125 CVE-2022-2010: Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2022-2163 [HIGH] CWE-416 CVE-2022-2163: Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker w Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

CVE-2022-2157 [HIGH] CWE-416 CVE-2022-2157: Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2296 [HIGH] CWE-416 CVE-2022-2296: Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a re Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

CVE-2022-2008 [HIGH] CWE-415 CVE-2022-2008: Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potential Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2295 [HIGH] CWE-843 CVE-2022-2295: Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potential Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2007 [HIGH] CWE-416 CVE-2022-2007: Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to poten Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2156 [HIGH] CWE-416 CVE-2022-2156: Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentia Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.