Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46149 | 2 Capnproto, Fedoraproject | 3 Capnp, Capnproto, Fedora | 2023-02-10 | N/A | 5.4 MEDIUM |
| Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2. | |||||
| CVE-2019-13751 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-8624 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2023-02-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | |||||
| CVE-2022-24769 | 5 Debian, Fedoraproject, Linux and 2 more | 5 Debian Linux, Fedora, Linux Kernel and 2 more | 2023-02-10 | 4.6 MEDIUM | 5.9 MEDIUM |
| Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. | |||||
| CVE-2022-41742 | 3 Debian, F5, Fedoraproject | 4 Debian Linux, Nginx, Nginx Ingress Controller and 1 more | 2023-02-10 | N/A | 7.1 HIGH |
| NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. | |||||
| CVE-2020-25597 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2023-02-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable. | |||||
| CVE-2014-0160 | 11 Canonical, Debian, Fedoraproject and 8 more | 33 Ubuntu Linux, Debian Linux, Fedora and 30 more | 2023-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | |||||
| CVE-2022-31160 | 5 Debian, Drupal, Fedoraproject and 2 more | 15 Debian Linux, Jquery Ui Checkboxradio, Fedora and 12 more | 2023-02-10 | N/A | 6.1 MEDIUM |
| jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`. | |||||
| CVE-2022-42916 | 3 Apple, Fedoraproject, Haxx | 3 Macos, Fedora, Curl | 2023-02-10 | N/A | 7.5 HIGH |
| In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26. | |||||
| CVE-2022-3560 | 3 Fedoraproject, Pesign Project, Redhat | 3 Fedora, Pesign, Enterprise Linux | 2023-02-10 | N/A | 5.5 MEDIUM |
| A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. | |||||
| CVE-2022-47021 | 2 Fedoraproject, Xiph | 2 Fedora, Opusfile | 2023-02-09 | N/A | 7.8 HIGH |
| A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts. | |||||
| CVE-2019-18928 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2023-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | |||||
| CVE-2022-21663 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2023-02-09 | 6.5 MEDIUM | 7.2 HIGH |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | |||||
| CVE-2022-29968 | 3 Fedoraproject, Linux, Netapp | 13 Fedora, Linux Kernel, H300s and 10 more | 2023-02-09 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | |||||
| CVE-2022-3550 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2023-02-09 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. | |||||
| CVE-2022-3551 | 3 Debian, Fedoraproject, X.org | 3 Debian Linux, Fedora, X Server | 2023-02-09 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. | |||||
| CVE-2022-4254 | 2 Fedoraproject, Redhat | 13 Sssd, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2023-02-09 | N/A | 8.8 HIGH |
| sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | |||||
| CVE-2020-14410 | 3 Debian, Fedoraproject, Libsdl | 3 Debian Linux, Fedora, Simple Directmedia Layer | 2023-02-08 | 5.8 MEDIUM | 5.4 MEDIUM |
| SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. | |||||
| CVE-2019-7638 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-08 | 6.8 MEDIUM | 8.8 HIGH |
| SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. | |||||
| CVE-2020-14409 | 4 Debian, Fedoraproject, Libsdl and 1 more | 4 Debian Linux, Fedora, Simple Directmedia Layer and 1 more | 2023-02-08 | 6.8 MEDIUM | 7.8 HIGH |
| SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. | |||||