Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown
CRITICAL 514 | HIGH 2325 | MEDIUM 2265 | LOW 173
Vulnerabilities
Page 78 of 264
CVE-2022-0330 | HIGH | CVSS 7.8 | CWE-281 | v34, v35 | 2022-03-25
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
nvd
CVE-2022-0983 | HIGH | CVSS 8.8 | CWE-89 | v35, v36 | 2022-03-25
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
nvd
CVE-2022-0995 | HIGH | CVSS 7.8 | CWE-787 | PoC | v35 | 2022-03-25
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
nvd
CVE-2022-24778 | HIGH | CVSS 7.5 | CWE-863 | v34, v35 +1 more | 2022-03-25
The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent th
nvd
CVE-2021-3933 | MEDIUM | CVSS 5.5 | CWE-190 | v36 | 2022-03-25
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
nvd
CVE-2021-4147 | MEDIUM | CVSS 6.5 | CWE-667 | v35 | 2022-03-25
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
nvd
CVE-2021-3941 | MEDIUM | CVSS 6.5 | CWE-369 | v34, v35 +1 more | 2022-03-25
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of prog
nvd
CVE-2022-0322 | MEDIUM | CVSS 5.5 | CWE-681 | v35 | 2022-03-25
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DoS).
nvd
CVE-2022-27920 | MEDIUM | CVSS 6.1 | CWE-79 | v35 | 2022-03-25
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.
nvd
CVE-2022-24769 | MEDIUM | CVSS 5.9 | CWE-732 | v34, v35 +1 more | 2022-03-24
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capa
nvd
CVE-2022-27666 | HIGH | CVSS 7.8 | CWE-787 | v34, v35 | 2022-03-23
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
nvd
CVE-2021-3748 | HIGH | CVSS 7.5 | CWE-416 | v34 | 2022-03-23
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute c
nvd
CVE-2021-3618 | HIGH | CVSS 7.4 | CWE-295 | v33, v34 +1 more | 2022-03-23
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS sess
nvd
CVE-2021-25220 | MEDIUM | CVSS 6.8 | CWE-444 | v34, v35 +1 more | 2022-03-23
BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with
nvd
CVE-2022-0396 | MEDIUM | CVSS 5.3 | CWE-404 | v34, v35 +1 more | 2022-03-23
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
nvd
CVE-2021-4148 | MEDIUM | CVSS 5.5 | CWE-354 | v35 | 2022-03-23
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DoS) problem.
nvd
CVE-2022-0996 | MEDIUM | CVSS 6.5 | CWE-287 | v34, v35 | 2022-03-23
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
nvd
CVE-2022-0547 | CRITICAL | CVSS 9.8 | CWE-305 | v34, v36 | 2022-03-18
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
nvd
CVE-2022-27191 | HIGH | CVSS 7.5 | v34, v35 +1 more | 2022-03-18
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
nvd
CVE-2022-1011 | HIGH | CVSS 7.8 | CWE-416 | v34, v35 | 2022-03-18
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
nvd