Fedoraproject Fedora vulnerabilities

CVE-2022-1998 [HIGH] CWE-416 CVE-2022-1998: A use after free in the Linux kernel File System notify functionality was found in the way user trig A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVE-2022-31033 [HIGH] CWE-200 CVE-2022-31033: The Mechanize library is used for automating interaction with websites. Mechanize automatically stor The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or late

CVE-2022-26364 [MEDIUM] CVE-2022-26364: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multipl x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests ma

CVE-2022-28614 [MEDIUM] CWE-190 CVE-2022-28614: The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an a The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a v

CVE-2022-31030 [MEDIUM] CWE-400 CVE-2022-31030: containerd is an open source container runtime. A bug was found in the containerd's CRI implementati containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimat

CVE-2022-26362 [MEDIUM] CWE-362 CVE-2022-26362: x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in add x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type re

CVE-2022-26363 [MEDIUM] CVE-2022-26363: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multipl x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests ma

CVE-2022-1996 [CRITICAL] CWE-639 CVE-2022-1996: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

CVE-2022-24065 [CRITICAL] CWE-78 CVE-2022-24065: The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.

CVE-2022-1708 [HIGH] CWE-400 CVE-2022-1708: A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyon A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of

CVE-2022-32511 [CRITICAL] CVE-2022-32511: jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is p jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.

CVE-2022-31799 [CRITICAL] CWE-755 CVE-2022-31799: Bottle before 0.12.20 mishandles errors during early request binding. Bottle before 0.12.20 mishandles errors during early request binding.

CVE-2022-1949 [HIGH] CWE-639 CVE-2022-1949: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that wou An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, i

CVE-2022-32250 [HIGH] CWE-416 CVE-2022-32250: net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

CVE-2022-27776 [MEDIUM] CWE-522 CVE-2022-27776: A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authenticati A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.

CVE-2022-31783 [MEDIUM] CWE-787 CVE-2022-31783: Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstra Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.

CVE-2022-1789 [MEDIUM] CWE-476 CVE-2022-1789: With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INV With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

CVE-2022-1942 [HIGH] CWE-122 CVE-2022-1942: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-1927 [HIGH] CWE-126 CVE-2022-1927: Buffer Over-read in GitHub repository vim/vim prior to 8.2. Buffer Over-read in GitHub repository vim/vim prior to 8.2.

CVE-2022-1898 [HIGH] CWE-416 CVE-2022-1898: Use After Free in GitHub repository vim/vim prior to 8.2. Use After Free in GitHub repository vim/vim prior to 8.2.