Fedoraproject Fedora vulnerabilities

CVE-2022-2162 [HIGH] CVE-2022-2162: Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.5 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

CVE-2022-2011 [HIGH] CWE-416 CVE-2022-2011: Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potent Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2158 [HIGH] CWE-416 CVE-2022-2158: Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentiall Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2294 [HIGH] CWE-787 CVE-2022-2294: Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2161 [HIGH] CWE-416 CVE-2022-2161: Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2164 [MEDIUM] CVE-2022-2164: Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an at Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

CVE-2022-2553 [MEDIUM] CWE-287 CVE-2022-2553: The authfile directive in the booth config file is ignored, preventing use of authentication in comm The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

CVE-2022-2165 [MEDIUM] CVE-2022-2165: Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a rem Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVE-2022-2160 [MEDIUM] CWE-362 CVE-2022-2160: Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allow Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

CVE-2022-33745 [HIGH] CVE-2022-33745: insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kern insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of th

CVE-2020-7677 [CRITICAL] CVE-2020-7677: This affects the package thenify before 3.3.1. The name argument provided to the package can be cont This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

CVE-2022-0670 [CRITICAL] CWE-863 CVE-2022-0670: A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.

CVE-2022-35649 [CRITICAL] CWE-94 CVE-2022-35649: The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScri The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

CVE-2022-34749 [HIGH] CWE-1333 CVE-2022-34749: In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

CVE-2022-35650 [HIGH] CWE-22 CVE-2022-35650: The vulnerability was found in Moodle, occurs due to input validation error when importing lesson qu The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by de

CVE-2022-35651 [MEDIUM] CWE-79 CVE-2022-35651: A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitizati A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive

CVE-2022-35652 [MEDIUM] CWE-601 CVE-2022-35652: An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mob An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform

CVE-2022-35653 [MEDIUM] CWE-79 CVE-2022-35653: A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to in A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentiall

CVE-2021-46829 [HIGH] CWE-190 CVE-2021-46829: GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.

CVE-2022-31160 [MEDIUM] CWE-79 CVE-2022-31160: jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "r