Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV (actively exploited): 84
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2021-3847 | HIGH | CVSS 7.8 | v34 | 2022-04-01
CWE-281: An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.
Source: nvd

CVE-2022-24790 | HIGH | CVSS 7.5 | v35, v36 +1 more | 2022-03-30
CWE-444: Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end
Source: nvd

CVE-2022-1160 | HIGH | CVSS 7.8 | v34, v35 +1 more | 2022-03-30
CWE-122: heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Source: nvd

CVE-2022-1154 | HIGH | CVSS 7.8 | v34, v35 | 2022-03-30
CWE-416: Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
Source: nvd

CVE-2022-28202 | MEDIUM | CVSS 6.1 | v36 | 2022-03-30
CWE-79: An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.
Source: nvd

CVE-2022-1055 | HIGH | CVSS 8.6 | v35 | 2022-03-29
CWE-416: A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
Source: nvd

CVE-2022-1122 | MEDIUM | CVSS 5.5 | v34, v35 +1 more | 2022-03-29
CWE-665: A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Source: nvd

CVE-2022-24303 | CRITICAL | CVSS 9.1 | v34, v35 | 2022-03-28
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Source: nvd

CVE-2022-26280 | MEDIUM | CVSS 6.5 | v36 | 2022-03-28
CWE-125: Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
Source: nvd

CVE-2022-27942 | HIGH | CVSS 7.8 | v35, v36 +1 more | 2022-03-26
CWE-125: tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
Source: nvd

CVE-2022-27941 | HIGH | CVSS 7.8 | v35, v36 +1 more | 2022-03-26
CWE-125: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
Source: nvd

CVE-2022-27940 | HIGH | CVSS 7.8 | v35, v36 +1 more | 2022-03-26
CWE-125: tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
Source: nvd

CVE-2022-27939 | MEDIUM | CVSS 5.5 | v35, v36 +1 more | 2022-03-26
CWE-617: tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
Source: nvd

CVE-2022-27943 | MEDIUM | CVSS 5.5 | v36 | 2022-03-26
CWE-674: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
Source: nvd

CVE-2022-22995 | CRITICAL | CVSS 9.8 | v37, v38 +1 more | 2022-03-25
CWE-59: The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.
Source: nvd

CVE-2018-25032 | HIGH | CVSS 7.5 | v34, v35 +1 more | 2022-03-25
CWE-787: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Source: nvd

CVE-2022-0500 | HIGH | CVSS 7.8 | v34, v35 | 2022-03-25
CWE-119: A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
Source: nvd

CVE-2022-0435 | HIGH | CVSS 8.8 | v34, v35 | 2022-03-25
CWE-787: A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.
Source: nvd

CVE-2021-4157 | HIGH | CVSS 8.0 | v35 | 2022-03-25
CWE-119: An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.
Source: nvd

CVE-2022-27227 | HIGH | CVSS 7.5 | v34, v35 +1 more | 2022-03-25
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
Source: nvd