CVEdetails.com the ultimate security vulnerability data source

Fedoraproject » Fedora : Security Vulnerabilities (CVSS score between 7 and 7.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-32511 2022-06-06 2022-11-29
7.5
None Remote Low Not required Partial Partial Partial
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
2 CVE-2022-32250 416 2022-06-02 2022-09-09
7.2
None Local Low Not required Complete Complete Complete
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
3 CVE-2022-32207 276 2022-07-07 2023-01-05
7.5
None Remote Low Not required Partial Partial Partial
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
4 CVE-2022-32081 416 2022-07-01 2022-12-07
7.5
None Remote Low Not required Partial Partial Partial
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
5 CVE-2022-31813 345 Bypass 2022-06-09 2022-08-19
7.5
None Remote Low Not required Partial Partial Partial
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
6 CVE-2022-31799 755 2022-06-02 2022-12-12
7.5
None Remote Low Not required Partial Partial Partial
Bottle before 0.12.20 mishandles errors during early request binding.
7 CVE-2022-31214 269 +Priv 2022-06-09 2022-10-27
7.2
None Local Low Not required Complete Complete Complete
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.
8 CVE-2022-30785 2022-05-26 2023-01-13
7.2
None Local Low Not required Complete Complete Complete
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
9 CVE-2022-30767 120 Overflow 2022-05-16 2022-10-27
7.5
None Remote Low Not required Partial Partial Partial
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
10 CVE-2022-30600 682 Bypass 2022-05-18 2022-06-13
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
11 CVE-2022-30599 89 Sql 2022-05-18 2022-06-13
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
12 CVE-2022-30292 787 Overflow 2022-05-04 2022-12-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
13 CVE-2022-29502 2022-05-05 2022-09-09
7.5
None Remote Low Not required Partial Partial Partial
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
14 CVE-2022-27404 787 Overflow 2022-04-22 2022-07-27
7.5
None Remote Low Not required Partial Partial Partial
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
15 CVE-2022-27239 787 Overflow +Priv 2022-04-27 2022-10-05
7.2
None Local Low Not required Complete Complete Complete
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
16 CVE-2022-26691 269 +Priv 2022-05-26 2022-10-19
7.2
None Local Low Not required Complete Complete Complete
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
17 CVE-2022-26496 787 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with a large value as the length of the name.
18 CVE-2022-26495 190 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
19 CVE-2022-26364 2022-06-09 2022-08-24
7.2
None Local Low Not required Complete Complete Complete
x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
20 CVE-2022-26363 2022-06-09 2022-08-24
7.2
None Local Low Not required Complete Complete Complete
x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
21 CVE-2022-25648 88 2022-04-19 2023-01-31
7.5
None Remote Low Not required Partial Partial Partial
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
22 CVE-2022-25315 190 Overflow 2022-02-18 2022-10-05
7.5
None Remote Low Not required Partial Partial Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
23 CVE-2022-25235 116 2022-02-16 2022-10-07
7.5
None Remote Low Not required Partial Partial Partial
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
24 CVE-2022-24724 190 Exec Code Overflow Mem. Corr. +Info 2022-03-03 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.
25 CVE-2022-24065 88 2022-06-08 2023-01-19
7.5
None Remote Low Not required Partial Partial Partial
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
26 CVE-2022-23943 787 2022-03-14 2022-10-26
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
27 CVE-2022-23614 74 2022-02-04 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.
28 CVE-2022-23613 191 Exec Code Overflow 2022-02-07 2022-03-15
7.2
None Local Low Not required Complete Complete Complete
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.
29 CVE-2022-23222 476 +Priv 2022-01-14 2022-10-14
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
30 CVE-2022-23132 732 Bypass 2022-01-13 2022-02-10
7.5
None Remote Low Not required Partial Partial Partial
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
31 CVE-2022-22720 444 2022-03-14 2022-11-02
7.5
None Remote Low Not required Partial Partial Partial
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
32 CVE-2022-21724 665 Exec Code 2022-02-02 2022-11-09
7.5
None Remote Low Not required Partial Partial Partial
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
33 CVE-2022-20785 401 DoS 2022-05-04 2022-07-01
7.8
None Remote Low Not required None None Complete
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
34 CVE-2022-20771 DoS 2022-05-04 2022-07-01
7.8
None Remote Low Not required None None Complete
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
35 CVE-2022-20770 DoS 2022-05-04 2022-07-01
7.8
None Remote Low Not required None None Complete
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
36 CVE-2022-1998 416 2022-06-09 2022-10-05
7.2
None Local Low Not required Complete Complete Complete
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
37 CVE-2022-1708 400 Exec Code 2022-06-07 2022-06-14
7.8
None Remote Low Not required None None Complete
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
38 CVE-2022-0995 787 DoS +Priv 2022-03-25 2022-09-23
7.2
None Local Low Not required Complete Complete Complete
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
39 CVE-2022-0847 665 2022-03-10 2022-12-09
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
40 CVE-2022-0712 476 2022-02-22 2022-04-08
7.1
None Remote Medium Not required None None Complete
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
41 CVE-2022-0586 835 DoS 2022-02-14 2022-11-04
7.8
None Remote Low Not required None None Complete
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
42 CVE-2022-0582 74 DoS 2022-02-14 2022-11-04
7.5
None Remote Low Not required Partial Partial Partial
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
43 CVE-2022-0559 416 2022-02-16 2022-04-08
7.5
None Remote Low Not required Partial Partial Partial
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
44 CVE-2022-0547 287 Bypass 2022-03-18 2022-09-09
7.5
None Remote Low Not required Partial Partial Partial
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
45 CVE-2022-0500 119 Overflow 2022-03-25 2022-07-21
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
46 CVE-2021-45417 787 Overflow 2022-01-20 2022-01-26
7.2
None Local Low Not required Complete Complete Complete
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
47 CVE-2021-44847 787 Exec Code Overflow 2021-12-13 2022-02-08
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
48 CVE-2021-44790 787 Overflow 2021-12-20 2022-11-02
7.5
None Remote Low Not required Partial Partial Partial
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
49 CVE-2021-44420 Bypass 2021-12-08 2022-07-12
7.5
None Remote Low Not required Partial Partial Partial
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
50 CVE-2021-44143 787 Exec Code Overflow 2021-11-22 2022-10-25
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Total number of vulnerabilities: 474 (page 1 of 10)