Fedoraproject Fedora vulnerabilities

CVE-2022-32215 [MEDIUM] CWE-444 CVE-2022-32215: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-23825 [MEDIUM] CWE-668 CVE-2022-23825: Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type poten Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVE-2022-32213 [MEDIUM] CWE-444 CVE-2022-32213: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

CVE-2022-29187 [HIGH] CVE-2022-29187: Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by the

CVE-2022-29901 [MEDIUM] CWE-200 CVE-2022-29901: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVE-2022-29900 [MEDIUM] CWE-212 CVE-2022-29900: Mis-trained branch predictions for return instructions may allow arbitrary speculative code executio Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVE-2022-2345 [HIGH] CWE-416 CVE-2022-2345: Use After Free in GitHub repository vim/vim prior to 9.0.0046. Use After Free in GitHub repository vim/vim prior to 9.0.0046.

CVE-2022-2343 [HIGH] CWE-122 CVE-2022-2343: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.

CVE-2022-2344 [HIGH] CWE-122 CVE-2022-2344: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.

CVE-2022-32207 [CRITICAL] CWE-840 CVE-2022-32207: When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomi When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than inten

CVE-2022-32205 [MEDIUM] CWE-770 CVE-2022-32205: A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl a A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to av

CVE-2022-32206 [MEDIUM] CWE-770 CVE-2022-32206: curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be c curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a

CVE-2022-32208 [MEDIUM] CWE-840 CVE-2022-32208: When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wron When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

CVE-2022-31129 [HIGH] CWE-400 CVE-2022-31129: moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Aff moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may

CVE-2021-3695 [MEDIUM] CWE-787 CVE-2021-3695: A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to

CVE-2022-31116 [HIGH] CWE-670 CVE-2022-31116: UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affect UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and

CVE-2022-2309 [HIGH] CWE-476 CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused

CVE-2022-26365 [HIGH] CWE-401 CVE-2022-26365: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table

CVE-2022-33740 [HIGH] CVE-2022-33740: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't

CVE-2022-33742 [HIGH] CVE-2022-33742: Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't