CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora » 34 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-30600 682 Bypass 2022-05-18 2022-06-13
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
2 CVE-2022-30599 89 Sql 2022-05-18 2022-06-13
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
3 CVE-2022-30598 2022-05-18 2022-06-13
4.0
None Remote Low ??? Partial None None
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
4 CVE-2022-30597 2022-05-18 2022-06-13
5.0
None Remote Low Not required Partial None None
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
5 CVE-2022-30596 79 XSS 2022-05-18 2022-06-13
3.5
None Remote Medium ??? None Partial None
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
6 CVE-2022-29536 787 Overflow 2022-04-20 2022-05-07
5.0
None Remote Low Not required None None Partial
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
7 CVE-2022-29117 400 DoS 2022-05-10 2022-05-23
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.
8 CVE-2022-28390 415 2022-04-03 2022-06-16
4.6
None Local Low Not required Partial Partial Partial
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
9 CVE-2022-28389 415 2022-04-03 2022-06-16
4.6
None Local Low Not required Partial Partial Partial
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
10 CVE-2022-28388 415 2022-04-03 2022-06-01
4.6
None Local Low Not required Partial Partial Partial
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
11 CVE-2022-28048 682 2022-04-15 2022-05-10
6.8
None Remote Medium Not required Partial Partial Partial
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
12 CVE-2022-28042 416 2022-04-15 2022-05-10
6.8
None Remote Medium Not required Partial Partial Partial
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
13 CVE-2022-28041 190 DoS Overflow 2022-04-15 2022-05-10
4.3
None Remote Medium Not required None None Partial
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
14 CVE-2022-27666 787 Overflow 2022-03-23 2022-05-10
4.6
None Local Low Not required Partial Partial Partial
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
15 CVE-2022-27651 276 2022-04-04 2022-05-07
4.9
None Remote Medium ??? Partial Partial None
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
16 CVE-2022-27650 276 2022-04-04 2022-04-13
6.0
None Remote Medium ??? Partial Partial Partial
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
17 CVE-2022-27470 787 2022-05-04 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
18 CVE-2022-27191 327 2022-03-18 2022-05-14
4.3
None Remote Medium Not required None None Partial
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
19 CVE-2022-26496 787 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
20 CVE-2022-26495 190 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
21 CVE-2022-26490 120 Overflow 2022-03-06 2022-06-03
4.6
None Local Low Not required Partial Partial Partial
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
22 CVE-2022-26361 Mem. Corr. 2022-04-05 2022-06-16
4.4
None Local Medium Not required Partial Partial Partial
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
23 CVE-2022-26360 Mem. Corr. 2022-04-05 2022-06-16
4.4
None Local Medium Not required Partial Partial Partial
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
24 CVE-2022-25601 79 XSS 2022-03-11 2022-04-19
4.3
None Remote Medium Not required None Partial None
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).
25 CVE-2022-25600 352 CSRF 2022-03-11 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
26 CVE-2022-25315 190 Overflow 2022-02-18 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
27 CVE-2022-25314 190 Overflow 2022-02-18 2022-06-14
5.0
None Remote Low Not required None None Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
28 CVE-2022-25313 400 2022-02-18 2022-06-14
4.3
None Remote Medium Not required None None Partial
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
29 CVE-2022-25235 116 2022-02-16 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
30 CVE-2022-24958 763 2022-02-11 2022-04-01
4.6
None Local Low Not required Partial Partial Partial
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
31 CVE-2022-24919 79 Exec Code XSS CSRF 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
32 CVE-2022-24918 79 Exec Code XSS CSRF 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
33 CVE-2022-24917 79 Exec Code XSS CSRF 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
34 CVE-2022-24884 347 2022-05-06 2022-05-16
5.0
None Remote Low Not required None Partial None
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.
35 CVE-2022-24836 2022-04-11 2022-05-13
5.0
None Remote Low Not required None None Partial
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
36 CVE-2022-24828 94 2022-04-13 2022-05-07
6.8
None Remote Medium Not required Partial Partial Partial
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.
37 CVE-2022-24778 863 2022-03-25 2022-05-13
5.0
None Remote Low Not required Partial None None
The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current used is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user.
38 CVE-2022-24769 732 +Priv 2022-03-24 2022-06-13
4.6
None Local Low Not required Partial Partial Partial
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.
39 CVE-2022-24737 200 +Info 2022-03-07 2022-05-01
4.3
None Remote Medium Not required Partial None None
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.
40 CVE-2022-24736 476 2022-04-27 2022-05-09
2.1
None Local Low Not required None None Partial
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
41 CVE-2022-24735 94 Exec Code 2022-04-27 2022-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
42 CVE-2022-24724 190 Exec Code Overflow Mem. Corr. +Info 2022-03-03 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.
43 CVE-2022-24713 400 DoS Bypass 2022-03-08 2022-06-04
5.0
None Remote Low Not required None None Partial
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
44 CVE-2022-24512 Exec Code 2022-03-09 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
.NET and Visual Studio Remote Code Execution Vulnerability.
45 CVE-2022-24464 DoS 2022-03-09 2022-05-12
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability.
46 CVE-2022-24407 89 Sql 2022-02-24 2022-04-25
6.5
None Remote Low ??? Partial Partial Partial
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
47 CVE-2022-24349 79 XSS 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.
48 CVE-2022-24303 2022-03-28 2022-04-26
6.4
None Remote Low Not required None Partial Partial
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
49 CVE-2022-24302 362 2022-03-17 2022-05-23
4.3
None Remote Medium Not required Partial None None
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
50 CVE-2022-24191 835 Overflow 2022-04-04 2022-05-13
4.3
None Remote Medium Not required None None Partial
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
Total number of vulnerabilities : 1097   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.