Filtered by vendor Fedoraproject
Subscribe
Total
5331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39318 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2024-11-21 | N/A | 4.8 MEDIUM |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | |||||
| CVE-2022-39317 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2024-11-21 | N/A | 4.6 MEDIUM |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. | |||||
| CVE-2022-39316 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2024-11-21 | N/A | 4.8 MEDIUM |
| FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. | |||||
| CVE-2022-39286 | 3 Debian, Fedoraproject, Jupyter | 3 Debian Linux, Fedora, Jupyter Core | 2024-11-21 | N/A | 8.8 HIGH |
| Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds. | |||||
| CVE-2022-39283 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2024-11-21 | N/A | 5.9 MEDIUM |
| FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. | |||||
| CVE-2022-39282 | 2 Fedoraproject, Freerdp | 2 Fedora, Freerdp | 2024-11-21 | N/A | 3.5 LOW |
| FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. | |||||
| CVE-2022-39264 | 2 Fedoraproject, Nheko-reborn | 2 Fedora, Nheko | 2024-11-21 | N/A | 8.6 HIGH |
| nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu. | |||||
| CVE-2022-39261 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. | |||||
| CVE-2022-39260 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Xcode, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A | 8.5 HIGH |
| Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. | |||||
| CVE-2022-39253 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Xcode, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. | |||||
| CVE-2022-39209 | 2 Fedoraproject, Github | 2 Fedora, Cmark-gfm | 2024-11-21 | N/A | 7.5 HIGH |
| cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension. | |||||
| CVE-2022-39170 | 2 Fedoraproject, Libdwarf Project | 2 Fedora, Libdwarf | 2024-11-21 | N/A | 8.8 HIGH |
| libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | |||||
| CVE-2022-38791 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2024-11-21 | N/A | 5.5 MEDIUM |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | |||||
| CVE-2022-38784 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2024-11-21 | N/A | 7.8 HIGH |
| Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. | |||||
| CVE-2022-38533 | 2 Fedoraproject, Gnu | 2 Fedora, Binutils | 2024-11-21 | N/A | 5.5 MEDIUM |
| In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | |||||
| CVE-2022-38223 | 2 Fedoraproject, Tats | 2 Fedora, W3m | 2024-11-21 | N/A | 7.8 HIGH |
| There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | |||||
| CVE-2022-38178 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-38177 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-38150 | 2 Fedoraproject, Varnish Cache Project | 2 Fedora, Varnish Cache | 2024-11-21 | N/A | 7.5 HIGH |
| In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. | |||||
| CVE-2022-38076 | 3 Debian, Fedoraproject, Intel | 15 Debian Linux, Fedora, Dual Band Wireless-ac 3165 and 12 more | 2024-11-21 | N/A | 3.8 LOW |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||