Fedoraproject Fedora vulnerabilities

CVE-2022-0856 [MEDIUM] CWE-369 CVE-2022-0856: libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to c libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service

CVE-2021-3733 [MEDIUM] CWE-400 CVE-2021-3733: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat t

CVE-2021-3981 [LOW] CWE-276 CVE-2021-3981: A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous version

CVE-2022-24464 [HIGH] CVE-2022-24464: .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Denial of Service Vulnerability

CVE-2022-24512 [MEDIUM] CVE-2022-24512: .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability

CVE-2022-24349 [MEDIUM] CWE-79 CVE-2022-24349: An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it t An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineerin

CVE-2022-24918 [MEDIUM] CWE-79 CVE-2022-24918: An authenticated user can create a link with reflected Javascript code inside it for items’ page and An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make

CVE-2022-24917 [MEDIUM] CWE-79 CVE-2022-24917: An authenticated user can create a link with reflected Javascript code inside it for services’ page An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can ma

CVE-2022-24919 [MEDIUM] CWE-79 CVE-2022-24919: An authenticated user can create a link with reflected Javascript code inside it for graphs’ page an An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can mak

CVE-2022-24713 [HIGH] CWE-400 CVE-2022-24713: regex is an implementation of regular expressions for the Rust language. The regex crate features bu regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's consi

CVE-2022-24737 [MEDIUM] CWE-200 CVE-2022-24737: HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposur

CVE-2022-26496 [CRITICAL] CWE-787 CVE-2022-26496: In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a bu In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.

CVE-2022-26495 [CRITICAL] CWE-190 CVE-2022-26495: In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer ov In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.

CVE-2022-26490 [HIGH] CWE-120 CVE-2022-26490: st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.1 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

CVE-2021-23214 [HIGH] CWE-89 CVE-2021-23214: When the server is configured to use trust authentication with a clientcert requirement or to use ce When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

CVE-2021-3575 [HIGH] CWE-787 CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompre A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

CVE-2021-3737 [HIGH] CWE-835 CVE-2021-3737: A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python ma A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

CVE-2021-3656 [HIGH] CWE-862 CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs whe A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS

CVE-2021-3743 [HIGH] CWE-125 CVE-2021-3743: An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux k An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

CVE-2021-3744 [MEDIUM] CVE-2021-3744: A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/cr A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.