Fedoraproject Fedora vulnerabilities

CVE-2022-0559 [CRITICAL] CWE-416 CVE-2022-0559: Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.

CVE-2022-25235 [CRITICAL] CWE-116 CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVE-2021-3781 [CRITICAL] CWE-20 CVE-2021-3781: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript inter A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidential

CVE-2021-3773 [CRITICAL] CWE-200 CVE-2021-3773: A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint in A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

CVE-2021-3752 [HIGH] CWE-416 CVE-2021-3752: A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls conn A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVE-2021-3578 [HIGH] CWE-704 CVE-2021-3578: A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malici A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.

CVE-2022-23804 [HIGH] CWE-121 CVE-2022-23804: A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCo A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-3551 [HIGH] CWE-312 CVE-2021-3551: A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admi A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

CVE-2021-3760 [HIGH] CWE-416 CVE-2021-3760: A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.

CVE-2022-25271 [HIGH] CWE-20 CVE-2022-25271: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

CVE-2022-23803 [HIGH] CWE-121 CVE-2022-23803: A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCo A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-25258 [MEDIUM] CWE-476 CVE-2022-25258: An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The US An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

CVE-2022-0613 [MEDIUM] CWE-639 CVE-2022-0613: Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.

CVE-2022-21698 [HIGH] CWE-400 CVE-2022-21698: client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp pac client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests wi

CVE-2022-0582 [CRITICAL] CWE-476 CVE-2022-0582: Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 all Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-0586 [HIGH] CWE-835 CVE-2022-0586: Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows den Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-0581 [HIGH] CWE-416 CVE-2022-0581: Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVE-2022-0572 [HIGH] CWE-122 CVE-2022-0572: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2021-45444 [HIGH] CVE-2021-45444: In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

CVE-2022-0583 [HIGH] CWE-787 CVE-2022-0583: Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial o Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file