Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 91 of 264
CVE-2022-21673 | MEDIUM | CVSS 4.3 | v34, v35, +1 more | 2022-01-18
CWE-200: Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retr
Source: NVD
CVE-2022-23304 | CRITICAL | CVSS 9.8 | v35 | 2022-01-17
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
Source: NVD
CVE-2022-23303 | CRITICAL | CVSS 9.8 | v35 | 2022-01-17
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
Source: NVD
CVE-2022-0238 | MEDIUM | CVSS 4.3 | v34, v35 | 2022-01-16
CWE-352: phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Source: NVD
CVE-2022-23094 | HIGH | CVSS 7.5 | v34, v35 | 2022-01-15
CWE-476: Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
Source: NVD
CVE-2021-44537 | HIGH | CVSS 7.8 | v35, v36 | 2022-01-15
CWE-74: ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
Source: NVD
CVE-2022-21681 | HIGH | CVSS 7.5 | v36 | 2022-01-14
CWE-400: Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issu
Source: NVD
CVE-2022-23222 | HIGH | CVSS 7.8 | v34, v35 | 2022-01-14
CWE-476: kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
Source: NVD
CVE-2022-21680 | HIGH | CVSS 7.5 | v36 | 2022-01-14
CWE-400: Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected.
Source: NVD
CVE-2021-46022 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-01-14
CWE-416: A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
Source: NVD
CVE-2021-46019 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-01-14
CWE-476: An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
Source: NVD
CVE-2021-46021 | MEDIUM | CVSS 5.5 | v35, v36 | 2022-01-14
CWE-416: A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
Source: NVD
CVE-2022-23132 | HIGH | CVSS 7.3 | v34, v35 | 2022-01-13
CWE-284: During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
Source: NVD
CVE-2022-0197 | HIGH | CVSS 8.8 | v34, v35 | 2022-01-13
CWE-352: phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Source: NVD
CVE-2022-0196 | HIGH | CVSS 8.8 | v34, v35 | 2022-01-13
CWE-352: phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
Source: NVD
CVE-2022-21682 | MEDIUM | CVSS 6.5 | v35 | 2022-01-13
CWE-22: Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will
Source: NVD
CVE-2022-23134 | MEDIUM | CVSS 5.3 | KEV | PoC | v34, v35 | 2022-01-13
CWE-284: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Source: NVD
CVE-2022-23133 | MEDIUM | CVSS 5.4 | v34, v35 | 2022-01-13
CWE-79: An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to im
Source: NVD
CVE-2021-44648 | HIGH | CVSS 8.8 | v34, v35 | 2022-01-12
CWE-787: GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12.
Source: NVD
CVE-2021-43860 | HIGH | CVSS 8.6 | v35 | 2022-01-12
CWE-269: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a null byte in the metadata file of an app. Therefore app
Source: NVD