Fedora Project


Products by Fedora Project, sorted by most security vulnerabilities since 2018

Fedora: 2743 vulnerabilities

Fedora Core: 6 vulnerabilities

Sssd: 4 vulnerabilities


By the Year

In 2022 there have been 315 vulnerabilities in Fedora Project with an average score of 7.0 out of ten. Last year Fedora Project had 1122 security vulnerabilities published. Right now, Fedora Project is on track to have fewer security vulnerabilities in 2022 than it did last year. Last year, the average CVE base score was greater by 0.08.

Year Vulnerabilities Average Score
2022 315 7.02
2021 1122 7.11
2020 632 6.92
2019 422 7.31
2018 71 7.17

It may take a day or so for new Fedora Project vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fedora Project Security Vulnerabilities

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file

CVE-2022-1586 9.1 - Critical - May 16, 2022

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Out-of-bounds Read

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938

CVE-2022-1674 5.5 - Medium - May 12, 2022

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

NULL Pointer Dereference

.NET and Visual Studio Denial of Service Vulnerability

CVE-2022-29117 7.5 - High - May 10, 2022

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.

Resource Exhaustion

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901

CVE-2022-1620 7.5 - High - May 08, 2022

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

NULL Pointer Dereference

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899

CVE-2022-1619 7.8 - High - May 08, 2022

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerability is capable of crashing software, modifying memory, and possibly enabling remote execution.

Memory Corruption

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895

CVE-2022-1616 7.8 - High - May 07, 2022

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly enabling remote execution.

Dangling pointer

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote

CVE-2022-1053 9.1 - Critical - May 06, 2022

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1,

Improper Input Validation

Rsyslog is a rocket-fast system for log processing

CVE-2022-24903 8.1 - High - May 06, 2022

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum. This can be used to overrun the memory buffer. However, once the sequence of digits stops, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.

Classic Buffer Overflow

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify)

CVE-2022-24884 7.5 - High - May 06, 2022

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.

Improper Verification of Cryptographic Signature

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid()

CVE-2022-27470 7.8 - High - May 04, 2022

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

Memory Corruption

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows

CVE-2022-29824 6.5 - Medium - May 03, 2022

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Integer Overflow or Wraparound

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria

CVE-2022-0984 4.3 - Medium - April 29, 2022

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

AuthZ

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem

CVE-2022-1015 6.6 - Medium - April 29, 2022

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.

Memory Corruption

Redis is an in-memory database that persists on disk

CVE-2022-24735 7.8 - High - April 27, 2022

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or a different, script at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged user to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

Code Injection

Redis is an in-memory database that persists on disk

CVE-2022-24736 5.5 - Medium - April 27, 2022

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

NULL Pointer Dereference

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow

CVE-2022-27404 9.8 - Critical - April 22, 2022

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

Memory Corruption

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation

CVE-2022-27405 7.5 - High - April 22, 2022

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

Out-of-bounds Read

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation

CVE-2022-27406 7.5 - High - April 22, 2022

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

Out-of-bounds Read

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

CVE-2022-1420 5.5 - Medium - April 21, 2022

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

Buffer Overflow

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process)

CVE-2022-29536 7.5 - High - April 20, 2022

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.

Memory Corruption

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions

CVE-2022-27652 5.3 - Medium - April 18, 2022

A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Incorrect Default Permissions

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c

CVE-2021-42781 5.3 - Medium - April 18, 2022

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

Memory Corruption

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places

CVE-2021-42782 5.3 - Medium - April 18, 2022

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

Memory Corruption

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

CVE-2021-42778 5.3 - Medium - April 18, 2022

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

Operation on a Resource after Expiration or Release

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

CVE-2021-42779 5.3 - Medium - April 18, 2022

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

Dangling pointer

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function

CVE-2021-42780 5.3 - Medium - April 18, 2022

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

Unchecked Return Value

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763

CVE-2022-1381 7.8 - High - April 18, 2022

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly enabling remote execution.

Memory Corruption

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4

CVE-2022-1231 6.1 - Medium - April 15, 2022

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).

XSS

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc

CVE-2022-28041 6.5 - Medium - April 15, 2022

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Integer Overflow or Wraparound

stb_image.h v2.27 was discovered to contain a heap-based use-after-free

CVE-2022-28042 8.8 - High - April 15, 2022

stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode.

Dangling pointer

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.

CVE-2022-28048 8.8 - High - April 15, 2022

STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.

Incorrect Calculation

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5

CVE-2022-1304 7.8 - High - April 14, 2022

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Out-of-bounds Read

Composer is a dependency manager for the PHP programming language

CVE-2022-24828 8.8 - High - April 13, 2022

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.

Code Injection

Nokogiri is an open source XML and HTML library for Ruby

CVE-2022-24836 7.5 - High - April 11, 2022

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796 7 - High - April 08, 2022

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

Dangling pointer

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions

CVE-2022-27649 7.5 - High - April 04, 2022

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Incorrect Default Permissions

A flaw was found in crun where containers were incorrectly started with non-empty default permissions

CVE-2022-27650 7.5 - High - April 04, 2022

A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Incorrect Default Permissions

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions

CVE-2022-27651 6.8 - Medium - April 04, 2022

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Incorrect Default Permissions

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function

CVE-2022-24191 5.5 - Medium - April 04, 2022

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.

Infinite Loop

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file

CVE-2021-3847 7.8 - High - April 01, 2022

An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way a user copies a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.

Improper Preservation of Permissions

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files

CVE-2022-1122 5.5 - Medium - March 29, 2022

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.

Access of Uninitialized Pointer

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation

CVE-2022-1055 7.8 - High - March 29, 2022

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Dangling pointer

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled

CVE-2022-24303 9.1 - Critical - March 28, 2022

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter

CVE-2022-27920 6.1 - Medium - March 25, 2022

libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.

XSS

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem

CVE-2022-0995 7.1 - High - March 25, 2022

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Memory Corruption

An SQL injection risk was identified in Badges code relating to configuring criteria

CVE-2022-0983 8.8 - High - March 25, 2022

An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.

SQL Injection

In ImfChromaticities.cpp routine RGBtoXYZ(), the divisor in several division operations is not checked for a 0 value

CVE-2021-3941 6.5 - Medium - March 25, 2022

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Divide By Zero

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits

CVE-2021-3933 5.5 - Medium - March 25, 2022

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.

Integer Overflow or Wraparound

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU

CVE-2022-0330 7.8 - High - March 25, 2022

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Improper Preservation of Permissions

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access

CVE-2022-0322 5.5 - Medium - March 25, 2022

A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).

Incorrect Type Conversion or Cast

An out-of-bounds memory write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS)

CVE-2021-4157 8 - High - March 25, 2022

An out-of-bounds memory write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.

Buffer Overflow

A flaw was found in the libvirt libxl driver

CVE-2021-4147 6.5 - Medium - March 25, 2022

A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.

Improper Locking

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem

CVE-2022-0500 7.8 - High - March 25, 2022

A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.

Buffer Overflow

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed

CVE-2022-0435 8.8 - High - March 25, 2022

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Memory Corruption

The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images

CVE-2022-24778 7.5 - High - March 25, 2022

The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current user is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run, anticipating that image run failure would occur later due to the layers not being available. However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user.

AuthZ

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches

CVE-2018-25032 7.5 - High - March 25, 2022

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Memory Corruption

Moby is an open-source project created by Docker to enable and accelerate software containerization

CVE-2022-24769 5.9 - Medium - March 24, 2022

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.

Incorrect Permission Assignment for Critical Resource

A vulnerability was found in the 389 Directory Server

CVE-2022-0996 7.5 - High - March 23, 2022

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

Insufficient Session Expiration

A use-after-free vulnerability was found in the virtio-net device of QEMU

CVE-2021-3748 8.8 - High - March 23, 2022

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.

Dangling pointer

ALPACA is an application layer protocol content confusion attack

CVE-2021-3618 7.4 - High - March 23, 2022

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to the victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS, and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Improper Certificate Validation
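Added example, written for this page and not taken from the ALPACA authors or any project: the host-name matching (exact name or a single leftmost wildcard label, the RFC 6125 rule browsers apply) that decides whether the certificate served by a non-HTTP service would also be accepted for the HTTPS origin. That is the "compatible certificates" precondition in the entry above, so it is the first thing to check on each TLS service sharing a domain. The SAN lists and host names here are constructed; on a live host the SAN line comes from the `openssl s_client` pipeline shown in the comments.

```shell
#!/bin/sh
# Does the certificate of one TLS service cover the host name of another?
# Live input, e.g. for the SMTP endpoint:
#   openssl s_client -connect mail.example.com:25 -starttls smtp </dev/null 2>/dev/null \
#     | openssl x509 -noout -ext subjectAltName
# which prints a line such as:  DNS:*.example.com, DNS:example.com

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# name_matches HOST PATTERN: exact match, or "*.suffix" matching exactly one extra label.
name_matches() {
    host=$(lower "$1"); pat=$(lower "$2")
    case "$pat" in
        \*.*)
            suffix=${pat#\*.}
            rest=${host#*.}
            # host must have a non-empty first label and the remainder must equal the suffix
            [ "$host" != "$rest" ] && [ "$rest" = "$suffix" ] && [ -n "${host%%.*}" ]
            ;;
        *) [ "$host" = "$pat" ] ;;
    esac
}

# cert_covers HOST "DNS:a, DNS:*.b, IP Address:..." -> yes|no over the DNS entries only.
cert_covers() {
    host=$1
    sans=$(printf '%s' "$2" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:[[:space:]]*//p')
    set -f                      # the "*" in wildcard SANs must not glob against the cwd
    for san in $sans; do
        if name_matches "$host" "$san"; then set +f; echo yes; return 0; fi
    done
    set +f
    echo no; return 1
}

# alpaca_exposure WEB_HOST SERVICE_SANS -> "exposed" when the other service's certificate
# would be accepted for WEB_HOST, i.e. the two services share a compatible certificate.
alpaca_exposure() {
    if cert_covers "$1" "$2" >/dev/null; then echo exposed; else echo separate-cert; fi
}

# Constructed sample: one wildcard certificate reused on SMTP, one dedicated FTP certificate.
WEB_HOST="www.example.com"
SMTP_SANS="DNS:*.example.com, DNS:example.com"
FTP_SANS="DNS:ftp.example.com, IP Address:192.0.2.7"
echo "smtp cert vs $WEB_HOST: $(alpaca_exposure "$WEB_HOST" "$SMTP_SANS")"
echo "ftp cert vs $WEB_HOST:  $(alpaca_exposure "$WEB_HOST" "$FTP_SANS")"
```

"exposed" means the redirected TLS handshake in the entry above would succeed; whether the application layer can then be abused depends on how each service reacts to the other protocol's bytes. The countermeasures the ALPACA authors recommend are separate certificates per service and strict ALPN and SNI enforcement on the server side, so that a client expecting HTTP is refused by the SMTP, FTP or IMAP endpoint.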

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem

CVE-2021-4148 5.5 - Medium - March 23, 2022

A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DoS).

Improper Validation of Integrity Check Value

BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0 and BIND Supported Preview Editions 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1; earlier versions back to 9.1.0 are also believed to be affected

CVE-2021-25220 8.6 - High - March 23, 2022

Affected: BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown, back to 9.1.0 and including Supported Preview Editions, are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records, leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition

CVE-2022-0396 5.3 - Medium - March 23, 2022

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Improper Resource Shutdown or Release
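Added example, not ISC's code: detection of the symptom in the CVE-2022-0396 entry, TCP connections to the DNS port parked in CLOSE_WAIT after the client has gone away. The function reads `ss -tan` or `netstat -tan` output (both spellings of the state and both column layouts are handled); the socket listings below are constructed so the script runs offline. Live use is `ss -tan | close_wait_on_port 53`.

```shell
#!/bin/sh
# Count sockets stuck in CLOSE_WAIT on a given local port and raise an alert past a threshold.

# close_wait_on_port PORT [FILE...] -> number of TCP sockets on local :PORT in CLOSE_WAIT.
# ss puts the state in column 1 and spells it CLOSE-WAIT; netstat puts it last as CLOSE_WAIT.
close_wait_on_port() {
    port=$1; shift
    awk -v port="$port" '
        { state = ($1 ~ /^tcp6?$/) ? $NF : $1 }
        state ~ /^CLOSE[-_]WAIT$/ && $4 ~ (":" port "$") { n++ }
        END { print n + 0 }' "$@"
}

# close_wait_alert PORT THRESHOLD [FILE...] -> "alert" when the count reaches THRESHOLD.
# A healthy resolver has a handful of CLOSE_WAIT sockets at most; a steadily growing
# count on :53 that never drains is the signature of this bug.
close_wait_alert() {
    port=$1; threshold=$2; shift 2
    n=$(close_wait_on_port "$port" "$@")
    if [ "$n" -ge "$threshold" ]; then echo alert; else echo ok; fi
}

TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

# Constructed `ss -tan` output from a name server with two stuck DNS connections.
SS_SAMPLE="$TMPD/ss.txt"
cat > "$SS_SAMPLE" <<'EOF'
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      10     0.0.0.0:53          0.0.0.0:*
ESTAB      0      0      10.0.0.5:53         192.0.2.10:41234
CLOSE-WAIT 1      0      10.0.0.5:53         192.0.2.11:41235
CLOSE-WAIT 1      0      [::1]:53            [::1]:52000
CLOSE-WAIT 0      0      10.0.0.5:22         192.0.2.12:50000
EOF

# Constructed `netstat -tan` output for the same check.
NETSTAT_SAMPLE="$TMPD/netstat.txt"
cat > "$NETSTAT_SAMPLE" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:53             192.0.2.10:41234        ESTABLISHED
tcp        1      0 10.0.0.5:53             192.0.2.11:41235        CLOSE_WAIT
tcp6       0      0 :::53                   :::*                    LISTEN
EOF

echo "ss: $(close_wait_on_port 53 "$SS_SAMPLE") stuck on :53 -> $(close_wait_alert 53 2 "$SS_SAMPLE")"
echo "netstat: $(close_wait_on_port 53 "$NETSTAT_SAMPLE") stuck on :53 -> $(close_wait_alert 53 2 "$NETSTAT_SAMPLE")"
```

CLOSE_WAIT means the peer has closed and the local application has not; restarting named releases the sockets, but only the fixed release stops them accumulating again. Sample the count over time rather than once: a single snapshot with a few CLOSE_WAIT sockets is normal, a count that only ever rises is not.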

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c

CVE-2022-27666 7.8 - High - March 23, 2022

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

Memory Corruption

A use-after-free flaw was found in the Linux kernels FUSE filesystem in the way a user triggers write()

CVE-2022-1011 7.8 - High - March 18, 2022

A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Dangling pointer

OpenVPN 2.1 up to, but not including, v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies

CVE-2022-0547 9.8 - Critical - March 18, 2022

OpenVPN 2.1 up to, but not including, v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Improper Authentication

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go

CVE-2022-27191 7.5 - High - March 18, 2022

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Use of a Broken or Risky Cryptographic Algorithm

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure

CVE-2022-24302 5.9 - Medium - March 17, 2022

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

Race Condition
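Added example, in shell rather than Python and not Paramiko's own code: the create-then-chmod pattern behind the CVE-2022-24302 entry beside a write that is private from the instant the file exists. The first function deliberately reproduces the window (the file is created with the default 0644 and only then tightened); the second closes it with a restrictive umask and refuses to write over an existing file. File contents and paths are constructed under a temporary directory.

```shell
#!/bin/sh
# Racy versus race-free creation of a private file (e.g. an SSH private key).

umask 022   # the common default, set explicitly so the demonstration is deterministic

file_mode() { ls -ld "$1" | cut -c1-10; }

# racy_window_mode PATH: create, then chmod 600, and report the mode the file had in
# between. Any local user who opens the file during that window keeps a readable
# descriptor after the chmod, which is the disclosure the entry above describes.
racy_window_mode() {
    printf 'SECRET-KEY-MATERIAL (constructed)\n' > "$1"
    during=$(file_mode "$1")
    chmod 600 "$1"
    printf '%s\n' "$during"
}

# write_private_safe PATH: umask 077 so the file is created 0600 in the open() itself,
# and noclobber (set -C) so the redirection fails instead of truncating a file that
# someone else planted at PATH. The subshell keeps both settings out of the caller.
# Returns non-zero if PATH already exists.
write_private_safe() {
    ( umask 077; set -C; printf 'SECRET-KEY-MATERIAL (constructed)\n' > "$1" ) 2>/dev/null
}

TMPD=$(mktemp -d)
trap 'rm -rf "$TMPD"' EXIT

echo "racy: mode during the window = $(racy_window_mode "$TMPD/id_racy"), after chmod = $(file_mode "$TMPD/id_racy")"
write_private_safe "$TMPD/id_safe" && echo "safe: mode from creation = $(file_mode "$TMPD/id_safe")"
if write_private_safe "$TMPD/id_safe"; then
    echo "unexpected: existing file was overwritten"
else
    echo "safe: second write refused, file already exists"
fi
```

The Python equivalent of the safe path is to pass the mode to os.open (O_WRONLY|O_CREAT|O_EXCL, 0o600) and wrap the descriptor, rather than calling open() and chmod() as two steps; the shell version makes the same point because the kernel applies the umask inside the single creat call, so there is no moment at which the file is readable by others.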

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU

CVE-2021-20257 6.5 - Medium - March 16, 2022

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Infinite Loop

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later

CVE-2021-45848 7.5 - High - March 15, 2022

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.

Output Sanitization

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli

CVE-2022-0778 7.5 - High - March 15, 2022

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys, as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:

- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate, which makes it slightly harder to trigger the infinite loop. However, any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on 15 March 2022. Fixed in OpenSSL 3.0.2 (affected: 3.0.0, 3.0.1). Fixed in OpenSSL 1.1.1n (affected: 1.1.1 through 1.1.1m). Fixed in OpenSSL 1.0.2zd (affected: 1.0.2 through 1.0.2zc).

Infinite Loop
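Added example, not OpenSSL's own tooling: a classifier that maps an `openssl version` string onto the three affected branches and the fix releases the entry names (1.0.2zd, 1.1.1n, 3.0.2), handling the letter suffixes 1.0.2 and 1.1.1 use and the numeric patch level 3.0 uses. The version strings fed to it are constructed. It answers "affected" only for upstream builds; the caveat for distribution packages follows the block.

```shell
#!/bin/sh
# Classify an OpenSSL version against the CVE-2022-0778 fix releases.

# letters_before CURRENT FIXED -> "affected" if CURRENT sorts before FIXED, else "fixed".
# Suffixes are "", "a".."n" for 1.1.1 and "", "a".."z", "za".."zd" for 1.0.2, so
# plain string ordering is the right comparison.
letters_before() {
    awk -v a="$1" -v b="$2" 'BEGIN { print (a < b) ? "affected" : "fixed" }'
}

# cve_2022_0778_status "OpenSSL 1.1.1k  25 Mar 2021" -> affected | fixed | unlisted | unparseable
cve_2022_0778_status() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    [ -n "$ver" ] || { echo unparseable; return 1; }
    ver=${ver%%-*}                 # drop "-dev", "-beta1" and similar
    nums=${ver%%[a-z]*}            # "1.1.1k" -> "1.1.1", "3.0.1" -> "3.0.1"
    letters=${ver#"$nums"}         # "1.1.1k" -> "k", "1.0.2zc" -> "zc", "3.0.1" -> ""
    oIFS=$IFS; IFS=.; set -- $nums; IFS=$oIFS
    major=$1; minor=$2; patch=$3
    case "$major.$minor.$patch" in
        1.0.2) letters_before "$letters" zd ;;
        1.1.1) letters_before "$letters" n ;;
        3.0.*) if [ "$patch" -lt 2 ]; then echo affected; else echo fixed; fi ;;
        *)     echo unlisted ;;     # e.g. 1.1.0 (EOL, not in the advisory) or 3.1 and later
    esac
}

# Constructed inputs; on a live system use: cve_2022_0778_status "$(openssl version)"
for v in "OpenSSL 1.1.1k  25 Mar 2021" "OpenSSL 1.1.1n  15 Mar 2022" \
         "OpenSSL 3.0.1 14 Dec 2021"   "OpenSSL 3.0.2 15 Mar 2022" \
         "OpenSSL 1.0.2zc" "OpenSSL 1.0.2zd" "OpenSSL 1.1.0l" "LibreSSL 3.4.2"; do
    printf '%-32s %s\n' "$v" "$(cve_2022_0778_status "$v")"
done
```

On Fedora and other distributions the package version often stays at 1.1.1k or 3.0.1 while the fix is backported, so "affected" from this check is a prompt to look at the package changelog (`rpm -q --changelog openssl | grep CVE-2022-0778`) before concluding anything. Statically linked copies of libcrypto in other binaries will not show up in `openssl version` at all and need their own inventory.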

fish is a command line shell

CVE-2022-20001 7.8 - High - March 14, 2022

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.

Injection

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server

CVE-2022-23943 9.8 - Critical - March 14, 2022

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

Memory Corruption

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash

CVE-2022-22719 7.5 - High - March 14, 2022

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

Improper Initialization

If LimitXMLRequestBody is set to allow request bodies larger than 350MB on 32-bit systems, an integer overflow in Apache HTTP Server later causes out-of-bounds writes

CVE-2022-22721 9.8 - Critical - March 14, 2022

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (the default is 1M) on 32-bit systems, an integer overflow happens which later causes out-of-bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Integer Overflow or Wraparound

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body

CVE-2022-22720 9.8 - Critical - March 14, 2022

Apache HTTP Server 2.4.52 and earlier fails to close the inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.

HTTP Request Smuggling

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0

CVE-2022-0907 5.5 - Medium - March 11, 2022

Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.

NULL Pointer Dereference

Null source pointer passed as an argument to the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service

CVE-2022-0908 5.5 - Medium - March 11, 2022

Null source pointer passed as an argument to the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via a crafted TIFF file.

NULL Pointer Dereference

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file

CVE-2022-0909 5.5 - Medium - March 11, 2022

Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.

Divide By Zero

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file

CVE-2022-0924 5.5 - Medium - March 11, 2022

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.

Out-of-bounds Read

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category

CVE-2022-25600 8.8 - High - March 11, 2022

Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).

Session Riding

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).

CVE-2022-25601 6.1 - Medium - March 11, 2022

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).

XSS

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

CVE-2022-0860 9.1 - Critical - March 11, 2022

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

AuthZ

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter

CVE-2022-0433 5.5 - Medium - March 10, 2022

A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.

NULL Pointer Dereference

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files

CVE-2021-44269 5.5 - Medium - March 10, 2022

An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. The issue is triggered in the function WavpackPackSamples in src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound.

Out-of-bounds Read

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values

CVE-2022-0847 7.8 - High - March 10, 2022

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Improper Initialization

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file

CVE-2022-0865 6.5 - Medium - March 10, 2022

Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.

assertion failure

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0

CVE-2022-0891 7.1 - High - March 10, 2022

A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in libtiff version 4.3.0 allows an attacker to trigger unsafe or out of bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact.

Memory Corruption

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel

CVE-2022-0516 7.8 - High - March 10, 2022

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context

CVE-2021-4095 5.5 - Medium - March 10, 2022

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

NULL Pointer Dereference

A flaw was found in KeePass

CVE-2022-0725 7.5 - High - March 10, 2022

A flaw was found in KeePass. The vulnerability occurs due to logging plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker who can read the system log to recover those passwords.

Insertion of Sensitive Information into Log File

A heap overflow vulnerability was found in bluez in versions prior to 5.63

CVE-2022-0204 8.8 - High - March 10, 2022

A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.

Memory Corruption

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1

CVE-2021-4023 5.5 - Medium - March 10, 2022

A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set

CVE-2021-3981 3.3 - Low - March 10, 2022

A flaw in grub2 was found where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing unprivileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any passwords, hashed or otherwise, present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.

Incorrect Default Permissions

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.

CVE-2021-32434 5.5 - Medium - March 10, 2022

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.

Out-of-bounds Read

Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file

CVE-2021-34338 6.5 - Medium - March 10, 2022

Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

Memory Corruption

Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file

CVE-2021-34339 6.5 - Medium - March 10, 2022

Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

Memory Corruption

Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file

CVE-2021-34341 6.5 - Medium - March 10, 2022

Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service.

Out-of-bounds Read

Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11

CVE-2021-32435 5.5 - Medium - March 10, 2022

Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.

Memory Corruption

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file

CVE-2021-34340 6.5 - Medium - March 10, 2022

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.