Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2022-0730 | CRITICAL | CVSS 9.8 | CWE-287 | v34, v35, +1 more | 2022-03-03
Under certain LDAP conditions, Cacti authentication can be bypassed with certain credential types.
nvd
CVE-2022-24724 | CRITICAL | CVSS 9.8 | CWE-190 | v34, v35, +1 more | 2022-03-03
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this he
nvd
CVE-2021-3640 | HIGH | CVSS 7.0 | CWE-362 | v34 | 2022-03-03
A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the
nvd
CVE-2022-21716 | HIGH | CVSS 7.5 | CWE-120 | v35, v36 | 2022-03-03
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A pat
nvd
CVE-2022-0492 | HIGH | CVSS 7.8 | PoC | CWE-287 | v35 | 2022-03-03
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
nvd
CVE-2022-23648 | HIGH | CVSS 7.5 | CWE-200 | v34, v35, +1 more | 2022-03-03
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the
nvd
CVE-2022-26126 | HIGH | CVSS 7.8 | CWE-119 | v34, v35, +1 more | 2022-03-03
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.
nvd
CVE-2021-4002 | MEDIUM | CVSS 4.4 | CWE-459 | v35 | 2022-03-03
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
nvd
CVE-2021-3638 | MEDIUM | CVSS 6.5 | CWE-787 | v36, v37 | 2022-03-03
An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of ser
nvd
CVE-2021-3658 | MEDIUM | CVSS 6.5 | CWE-863 | v34 | 2022-03-02
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers.
nvd
CVE-2021-3623 | MEDIUM | CVSS 6.1 | CWE-787 | v34 | 2022-03-02
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-3677 | MEDIUM | CVSS 6.5 | CWE-200 | v34 | 2022-03-02
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible
nvd
CVE-2022-23308 | HIGH | CVSS 7.5 | CWE-416 | v34 | 2022-02-26
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
nvd
CVE-2022-24407 | HIGH | CVSS 8.8 | CWE-89 | v34, v35, +1 more | 2022-02-24
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
nvd
CVE-2021-25636 | HIGH | CVSS 7.5 | CWE-347 | v34 | 2022-02-24
LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating t
nvd
CVE-2019-25058 | HIGH | CVSS 7.8 | CWE-863 | v34, v35, +1 more | 2022-02-24
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
nvd
CVE-2021-26252 | HIGH | CVSS 7.8 | CWE-787 | v34 | 2022-02-24
A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
nvd
CVE-2022-0546 | HIGH | CVSS 7.8 | CWE-190 | v34 | 2022-02-24
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
nvd
CVE-2021-3610 | HIGH | CVSS 7.5 | CWE-125 | v34 | 2022-02-24
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
nvd
CVE-2021-3700 | MEDIUM | CVSS 6.4 | CWE-416 | v34 | 2022-02-24
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
nvd