Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 84 of 264
CVE-2022-24048 | HIGH | CVSS 7.8 | v34, v35, +1 more | 2022-02-18
CVE-2022-24048 [HIGH] CWE-121: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of
nvd
CVE-2022-24052 | HIGH | CVSS 7.8 | v34, v35, +1 more | 2022-02-18
CVE-2022-24052 [HIGH] CWE-122: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of
nvd
CVE-2022-24051 | HIGH | CVSS 7.8 | v34, v35, +1 more | 2022-02-18
CVE-2022-24051 [HIGH] CWE-134: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validat
nvd
CVE-2022-25314 | HIGH | CVSS 7.5 | v34, v35 | 2022-02-18
CVE-2022-25314 [HIGH] CWE-190: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
nvd
CVE-2020-25722 | HIGH | CVSS 8.8 | v33, v34, +1 more | 2022-02-18
CVE-2020-25722 [HIGH] CWE-863: Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
nvd
CVE-2021-20322 | HIGH | CVSS 7.4 | v34 | 2022-02-18
CVE-2021-20322 [HIGH] CWE-330: A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and
nvd
CVE-2020-25717 | HIGH | CVSS 8.1 | v33, v34, +1 more | 2022-02-18
CVE-2020-25717 [HIGH] CWE-20: A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
nvd
CVE-2021-4093 | HIGH | CVSS 8.8 | v35 | 2022-02-18
CVE-2021-4093 [HIGH] CWE-125: A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the
nvd
CVE-2020-25718 | HIGH | CVSS 8.8 | v35 | 2022-02-18
CVE-2020-25718 [HIGH] CWE-862: A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.
nvd
CVE-2020-25719 | HIGH | CVSS 7.2 | v33, v34, +1 more | 2022-02-18
CVE-2020-25719 [HIGH] CWE-287: A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.
nvd
CVE-2022-24050 | HIGH | CVSS 7.8 | v34, v35, +1 more | 2022-02-18
CVE-2022-24050 [HIGH] CWE-416: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating t
nvd
CVE-2022-0585 | MEDIUM | CVSS 6.5 | v34, v35 | 2022-02-18
CVE-2022-0585 [MEDIUM] CWE-834: Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
nvd
CVE-2022-23645 | MEDIUM | CVSS 5.5 | v35 | 2022-02-18
CVE-2022-23645 [MEDIUM] CWE-125: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing t
nvd
CVE-2021-20320 | MEDIUM | CVSS 5.5 | v34 | 2022-02-18
CVE-2021-20320 [MEDIUM] CWE-200: A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
nvd
CVE-2022-25313 | MEDIUM | CVSS 6.5 | v34, v35 | 2022-02-18
CVE-2022-25313 [MEDIUM] CWE-674: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
nvd
CVE-2016-2124 | MEDIUM | CVSS 5.9 | v33, v34, +1 more | 2022-02-18
CVE-2016-2124 [MEDIUM] CWE-287: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
nvd
CVE-2021-44731 | HIGH | CVSS 7.8 | v34, v35 | 2022-02-17
CVE-2021-44731 [HIGH] CWE-362: A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in sn
nvd
CVE-2021-4120 | HIGH | CVSS 7.8 | v34, v35 | 2022-02-17
CVE-2021-4120 [HIGH] CWE-20: snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
nvd
CVE-2022-0629 | HIGH | CVSS 7.8 | v34, v35 | 2022-02-17
CVE-2022-0629 [HIGH] CWE-121: Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2021-44730 | HIGH | CVSS 8.8 | v34, v35 | 2022-02-17
CVE-2021-44730 [HIGH] CWE-59: snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
nvd