Fedoraproject Fedora vulnerabilities

CVE-2021-46790 [HIGH] CWE-787 CVE-2021-46790: ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.

CVE-2022-29968 [HIGH] CWE-909 CVE-2022-29968: An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks i An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

CVE-2022-25844 [HIGH] CWE-1333 CVE-2022-25844: The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by pr The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerabl

CVE-2022-1227 [HIGH] CWE-281 CVE-2022-1227: A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or

CVE-2022-0984 [MEDIUM] CWE-863 CVE-2022-0984: Users with the capability to configure badge criteria (teachers and managers by default) were able t Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

CVE-2022-1015 [MEDIUM] CWE-787 CVE-2022-1015: A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsyst A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

CVE-2022-29869 [MEDIUM] CWE-532 CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

CVE-2022-24735 [HIGH] CWE-94 CVE-2022-24735: Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script exe Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measure

CVE-2022-27239 [HIGH] CWE-787 CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-li In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-24736 [MEDIUM] CWE-476 CVE-2022-24736: Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem

CVE-2022-1507 [MEDIUM] CWE-476 CVE-2022-1507: chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attac chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of servi

CVE-2022-24883 [CRITICAL] CWE-287 CVE-2022-24883: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, serve FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against

CVE-2022-24882 [HIGH] CWE-287 CVE-2022-24882: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, N FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There a

CVE-2022-28506 [MEDIUM] CWE-787 CVE-2022-28506: There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.

CVE-2022-27404 [CRITICAL] CWE-787 CVE-2022-27404: FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer ove FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

CVE-2022-27406 [HIGH] CWE-125 CVE-2022-27406: FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation vi FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

CVE-2022-27405 [HIGH] CWE-125 CVE-2022-27405: FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation vi FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

CVE-2022-1420 [MEDIUM] CWE-823 CVE-2022-1420: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

CVE-2022-29536 [HIGH] CWE-787 CVE-2022-29536: In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer ove In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

CVE-2022-24675 [HIGH] CWE-674 CVE-2022-24675: encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large am encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.