Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 71 of 264
CVE-2022-1897 | HIGH | CVSS 7.8 | v34, v35, +1 more | 2022-05-27
CVE-2022-1897 [HIGH] CWE-787: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-30789 | HIGH | CVSS 7.8 | v35, v36 | 2022-05-26
CVE-2022-30789 [HIGH] CWE-787: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
nvd
CVE-2022-30784 | HIGH | CVSS 7.8 | v35, v36 | 2022-05-26
CVE-2022-30784 [HIGH] CWE-120: A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
nvd
CVE-2022-30786 | HIGH | CVSS 7.8 | v35, v36 | 2022-05-26
CVE-2022-30786 [HIGH] CWE-787: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
nvd
CVE-2022-1886 | HIGH | CVSS 7.8 | v35 | 2022-05-26
CVE-2022-1886 [HIGH] CWE-122: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-30788 | HIGH | CVSS 7.8 | v35, v36 | 2022-05-26
CVE-2022-30788 [HIGH] CWE-787: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
nvd
CVE-2022-30785 | MEDIUM | CVSS 6.7 | v35, v36 | 2022-05-26
CVE-2022-30785 [MEDIUM]: A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
nvd
CVE-2022-30787 | MEDIUM | CVSS 6.7 | v35, v36 | 2022-05-26
CVE-2022-30787 [MEDIUM] CWE-191: An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
nvd
CVE-2022-22662 | MEDIUM | CVSS 6.5 | v35, v36 | 2022-05-26
CVE-2022-22662 [MEDIUM]: A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.
nvd
CVE-2022-26691 | MEDIUM | CVSS 6.7 | v35, v36 | 2022-05-26
CVE-2022-26691 [MEDIUM] CWE-697: A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
nvd
CVE-2022-30783 | MEDIUM | CVSS 6.7 | v35, v36 | 2022-05-26
CVE-2022-30783 [MEDIUM] CWE-252: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
nvd
CVE-2022-1851 | HIGH | CVSS 7.8 | v34, v35, +1 more | 2022-05-25
CVE-2022-1851 [HIGH] CWE-125: Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-1348 | MEDIUM | CVSS 6.5 | v35, v36 | 2022-05-25
CVE-2022-1348 [MEDIUM] CWE-732: A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any ro
nvd
CVE-2022-29217 | HIGH | CVSS 7.5 | v35, v36 | 2022-05-24
CVE-2022-29217 [HIGH] CWE-327: PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get
nvd
CVE-2021-42612 | HIGH | CVSS 7.8 | v35 | 2022-05-24
CVE-2021-42612 [HIGH] CWE-416: A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.
nvd
CVE-2021-42613 | HIGH | CVSS 7.8 | v35 | 2022-05-24
CVE-2021-42613 [HIGH] CWE-415: A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.
nvd
CVE-2021-42614 | HIGH | CVSS 7.8 | v35 | 2022-05-24
CVE-2021-42614 [HIGH] CWE-416: A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.
nvd
CVE-2022-30599 | CRITICAL | CVSS 9.8 | v34, v35, +1 more | 2022-05-18
CVE-2022-30599 [CRITICAL] CWE-89: A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
nvd
CVE-2022-30600 | CRITICAL | CVSS 9.8 | v34, v35, +1 more | 2022-05-18
CVE-2022-30600 [CRITICAL] CWE-682: A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
nvd
CVE-2022-30596 | MEDIUM | CVSS 5.4 | v34, v35, +1 more | 2022-05-18
CVE-2022-30596 [MEDIUM] CWE-79: A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
nvd