Fedoraproject Fedora vulnerabilities

CVE-2021-28544 [MEDIUM] CWE-200 CVE-2021-28544: Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact t

CVE-2022-24836 [HIGH] CWE-400 CVE-2022-24836: Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficie Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `= 1.13.4`. There are no known workarounds for this issue.

CVE-2022-28805 [CRITICAL] CWE-125 CVE-2022-28805: singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_ex singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

CVE-2022-28796 [HIGH] CWE-362 CVE-2022-28796: jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2021-43138 [HIGH] CWE-1321 CVE-2021-43138: In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

CVE-2022-26358 [HIGH] CVE-2022-26358: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for

CVE-2022-26360 [HIGH] CVE-2022-26360: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for

CVE-2022-26361 [HIGH] CVE-2022-26361: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for

CVE-2022-26357 [HIGH] CWE-362 CVE-2022-26357: race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for on race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d doma

CVE-2022-26359 [HIGH] CVE-2022-26359: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to mu IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for

CVE-2022-26356 [MEDIUM] CWE-667 CVE-2022-26356: Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirt Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of

CVE-2022-24785 [HIGH] CWE-22 CVE-2022-24785: Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied

CVE-2022-27650 [HIGH] CWE-276 CVE-2022-27650: A flaw was found in crun where containers were incorrectly started with non-empty default permission A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate thos

CVE-2022-27649 [HIGH] CWE-276 CVE-2022-27649: A flaw was found in Podman, where containers were started incorrectly with non-empty default permiss A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate

CVE-2022-24801 [HIGH] CWE-444 CVE-2022-24801: Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to vers Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple

CVE-2022-24191 [MEDIUM] CWE-835 CVE-2022-24191: In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily p In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

CVE-2022-27651 [MEDIUM] CWE-276 CVE-2022-27651: A flaw was found in buildah where containers were incorrectly started with non-empty default permiss A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilitie

CVE-2022-28390 [HIGH] CWE-415 CVE-2022-28390: ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

CVE-2022-28389 [MEDIUM] CWE-415 CVE-2022-28389: mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a doubl mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

CVE-2022-28388 [MEDIUM] CWE-415 CVE-2022-28388: usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a doubl usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.