Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2022-21713 [MEDIUM] CVSS 4.3, CWE-863, v34 v35 +1 more, 2022-02-08
Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to s
nvd
CVE-2022-21712 [HIGH] CVSS 7.5, CWE-200, v35 v36, 2022-02-07
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
nvd
CVE-2022-23613 [HIGH] CVSS 7.8, CWE-191, v34 v35, 2022-02-07
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgra
nvd
CVE-2021-41816 [CRITICAL] CVSS 9.8, CWE-190, v34 v35, 2022-02-06
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
nvd
CVE-2022-23614 [CRITICAL] CVSS 9.8, CWE-74, v34 v35, 2022-02-04
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow call
nvd
CVE-2022-23946 [HIGH] CVSS 7.8, CWE-121, v35, 2022-02-04
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-40401 [HIGH] CVSS 8.6, CWE-252, v36, 2022-02-04
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2022-23947 [HIGH] CVSS 7.8, CWE-121, v35, 2022-02-04
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
nvd
CVE-2021-40403 [MEDIUM] CVSS 6.3, CWE-456, v36, 2022-02-04
An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerabil
nvd
CVE-2022-23833 [HIGH] CVSS 7.5, CWE-835, v34 v35, 2022-02-03
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
nvd
CVE-2022-22818 [MEDIUM] CVSS 6.1, CWE-79, v35, 2022-02-03
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
nvd
CVE-2022-21724 [CRITICAL] CVSS 9.8, CWE-665, v35, 2022-02-02
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. A system using the postgresql library will be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClas
nvd
CVE-2022-0443 [HIGH] CVSS 7.8, CWE-416, v34 v35, 2022-02-02
Use After Free in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-0417 [HIGH] CVSS 7.8, CWE-122, v34 v35, 2022-02-01
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2021-43859 [HIGH] CVSS 7.5, CWE-400, v34 v35, 2022-02-01
XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors an
nvd
CVE-2021-46669 [HIGH] CVSS 7.5, CWE-416, v35 v36, 2022-02-01
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
nvd
CVE-2021-46667 [MEDIUM] CVSS 5.5, CWE-190, v34 v35 +1 more, 2022-02-01
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
nvd
CVE-2021-46668 [MEDIUM] CVSS 5.5, CWE-400, v34 v35 +1 more, 2022-02-01
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
nvd
CVE-2021-46665 [MEDIUM] CVSS 5.5, v34 v35 +1 more, 2022-02-01
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
nvd
CVE-2022-0419 [MEDIUM] CVSS 5.5, CWE-476, v34 v35, 2022-02-01
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
nvd