CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-34903 74 2022-07-01 2022-09-09
5.8
None Remote Medium Not required Partial Partial None
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
2 CVE-2022-33099 787 Overflow 2022-07-01 2022-11-05
5.0
None Remote Low Not required None None Partial
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
3 CVE-2022-32091 416 2022-07-01 2022-12-07
5.0
None Remote Low Not required None None Partial
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
4 CVE-2022-32089 2022-07-01 2022-12-07
5.0
None Remote Low Not required None None Partial
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
5 CVE-2022-32084 2022-07-01 2022-12-07
5.0
None Remote Low Not required None None Partial
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
6 CVE-2022-32082 617 2022-07-01 2022-12-07
5.0
None Remote Low Not required None None Partial
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
7 CVE-2022-31129 400 2022-07-06 2023-01-31
5.0
None Remote Low Not required None None Partial
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
8 CVE-2022-31116 670 2022-07-05 2022-11-05
5.0
None Remote Low Not required None None Partial
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.
9 CVE-2022-31033 200 +Info 2022-06-09 2022-11-29
5.0
None Remote Low Not required Partial None None
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.
10 CVE-2022-30597 2022-05-18 2022-06-13
5.0
None Remote Low Not required Partial None None
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
11 CVE-2022-30556 200 +Info 2022-06-09 2022-08-19
5.0
None Remote Low Not required Partial None None
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
12 CVE-2022-30522 770 2022-06-09 2022-09-07
5.0
None Remote Low Not required None None Partial
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
13 CVE-2022-29536 787 Overflow 2022-04-20 2022-10-05
5.0
None Remote Low Not required None None Partial
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
14 CVE-2022-29526 269 2022-06-23 2022-08-19
5.0
None Remote Low Not required Partial None None
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
15 CVE-2022-29404 770 DoS 2022-06-09 2022-08-24
5.0
None Remote Low Not required None None Partial
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
16 CVE-2022-29217 327 2022-05-24 2022-06-07
5.0
None Remote Low Not required None Partial None
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
17 CVE-2022-29145 DoS 2022-05-10 2022-10-06
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.
18 CVE-2022-29117 400 DoS 2022-05-10 2022-05-23
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.
19 CVE-2022-28614 190 2022-06-09 2022-08-24
5.0
None Remote Low Not required Partial None None
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
20 CVE-2022-28487 401 2022-05-04 2022-10-28
5.0
None Remote Low Not required Partial None None
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality.
21 CVE-2022-28327 2022-04-20 2022-10-14
5.0
None Remote Low Not required None None Partial
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
22 CVE-2022-27406 125 2022-04-22 2022-07-27
5.0
None Remote Low Not required None None Partial
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
23 CVE-2022-27405 125 2022-04-22 2022-07-27
5.0
None Remote Low Not required None None Partial
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
24 CVE-2022-26377 444 2022-06-09 2022-08-24
5.0
None Remote Low Not required None Partial None
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
25 CVE-2022-26280 125 2022-03-28 2022-11-28
5.8
None Remote Medium Not required Partial None Partial
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
26 CVE-2022-25844 770 DoS 2022-05-01 2022-11-16
5.0
None Remote Low Not required None None Partial
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.
27 CVE-2022-25314 190 Overflow 2022-02-18 2022-10-05
5.0
None Remote Low Not required None None Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
28 CVE-2022-24884 347 2022-05-06 2022-05-16
5.0
None Remote Low Not required None Partial None
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.
29 CVE-2022-24882 287 2022-04-26 2022-11-16
5.0
None Remote Low Not required Partial None None
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
30 CVE-2022-24836 400 2022-04-11 2022-12-21
5.0
None Remote Low Not required None None Partial
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
31 CVE-2022-24790 444 2022-03-30 2022-10-12
5.0
None Remote Low Not required None Partial None
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
32 CVE-2022-24785 22 Dir. Trav. 2022-04-04 2023-01-31
5.0
None Remote Low Not required None Partial None
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
33 CVE-2022-24778 863 2022-03-25 2023-01-25
5.0
None Remote Low Not required Partial None None
The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current used is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user.
34 CVE-2022-24729 400 2022-03-16 2022-12-08
5.0
None Remote Low Not required None None Partial
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
35 CVE-2022-24713 400 DoS Bypass 2022-03-08 2023-01-20
5.0
None Remote Low Not required None None Partial
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
36 CVE-2022-24675 770 Overflow 2022-04-20 2022-10-05
5.0
None Remote Low Not required None None Partial
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
37 CVE-2022-24464 DoS 2022-03-09 2022-05-12
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability.
38 CVE-2022-24070 416 Mem. Corr. 2022-04-12 2022-10-28
5.0
None Remote Low Not required None None Partial
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected.
39 CVE-2022-23990 190 Overflow 2022-01-26 2022-10-31
5.0
None Remote Low Not required None None Partial
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
40 CVE-2022-23833 835 2022-02-03 2022-11-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.
41 CVE-2022-23648 200 Bypass +Info 2022-03-03 2022-04-25
5.0
None Remote Low Not required Partial None None
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
42 CVE-2022-23267 400 DoS 2022-05-10 2022-10-18
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
43 CVE-2022-23134 863 2022-01-13 2022-02-10
5.0
None Remote Low Not required None Partial None
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
44 CVE-2022-23094 476 DoS 2022-01-15 2022-01-24
5.0
None Remote Low Not required None None Partial
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
45 CVE-2022-22721 190 Overflow 2022-03-14 2022-11-02
5.8
None Remote Medium Not required None Partial Partial
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
46 CVE-2022-22719 665 2022-03-14 2022-11-02
5.0
None Remote Low Not required None None Partial
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
47 CVE-2022-21716 120 2022-03-03 2023-01-13
5.0
None Remote Low Not required None None Partial
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
48 CVE-2022-21712 200 +Info 2022-02-07 2023-02-01
5.0
None Remote Low Not required Partial None None
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.
49 CVE-2022-21698 400 DoS 2022-02-15 2022-12-09
5.0
None Remote Low Not required None None Partial
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
50 CVE-2022-21681 DoS 2022-01-14 2022-11-16
5.0
None Remote Low Not required None None Partial
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Total number of vulnerabilities : 806   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.