Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2022-32325 | MEDIUM | CVSS 6.5 | v37 | 2022-07-01
CWE-125: JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.
nvd
CVE-2022-2257 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-30
CWE-125: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
nvd
CVE-2022-2058 | MEDIUM | CVSS 6.5 | v35, v36 | 2022-06-30
CWE-369: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
nvd
CVE-2022-2056 | MEDIUM | CVSS 6.5 | v35, v36 | 2022-06-30
CWE-369: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
nvd
CVE-2022-2057 | MEDIUM | CVSS 6.5 | v35, v36 | 2022-06-30
CWE-369: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
nvd
CVE-2022-31052 | MEDIUM | CVSS 6.5 | v35, v36 | 2022-06-28
CWE-674: Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse p
nvd
CVE-2022-2231 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-06-28
CWE-476: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2207 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-27
CWE-122: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2210 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-27
CWE-787: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2208 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-06-27
CWE-476: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
nvd
CVE-2022-2206 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-26
CWE-125: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-32209 | MEDIUM | CVSS 6.1 | v35, v36 | 2022-06-24
CWE-79: Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XSS vulnerability with certain configurations of Rail
nvd
CVE-2022-2175 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-23
CWE-126: Buffer Over-read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2183 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-23
CWE-125: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-2182 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-23
CWE-122: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-29526 | MEDIUM | CVSS 5.3 | v35, v36 | 2022-06-23
CWE-269: Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
nvd
CVE-2022-33070 | MEDIUM | CVSS 5.5 | v36 | 2022-06-23
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
nvd
CVE-2022-33068 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-06-23
CWE-190: An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
nvd
CVE-2022-2068 | HIGH | CVSS 7.3 | v35, v36 | 2022-06-21
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certifica
nvd
CVE-2022-1720 | HIGH | CVSS 7.8 | v35, v36 | 2022-06-20
CWE-126: Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
nvd