Fedora Project Extra Packages Enterprise Linux
By the Year
In 2023 there have been 18 vulnerabilities in Fedora Project Extra Packages Enterprise Linux with an average score of 6.4 out of ten. Last year Extra Packages Enterprise Linux had 31 security vulnerabilities published. Right now, Extra Packages Enterprise Linux is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 1.11.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 18 | 6.39 |
2022 | 31 | 7.50 |
2021 | 8 | 7.28 |
2020 | 3 | 5.63 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Extra Packages Enterprise Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fedora Project Extra Packages Enterprise Linux Security Vulnerabilities
A vulnerability was found in cri-o
CVE-2022-4318
7.8 - High
- September 25, 2023
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
Improper Control of Dynamically-Managed Code Resources
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c
CVE-2023-38252
5.5 - Medium
- July 14, 2023
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Out-of-bounds Read
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c
CVE-2023-38253
5.5 - Medium
- July 14, 2023
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Out-of-bounds Read
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16
CVE-2023-34432
7.8 - High
- July 10, 2023
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Memory Corruption
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58
CVE-2023-26590
5.5 - Medium
- July 10, 2023
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Incorrect Comparison
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18
CVE-2023-32627
5.5 - Medium
- July 10, 2023
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
Incorrect Comparison
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41
CVE-2023-34318
7.8 - High
- July 10, 2023
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Memory Corruption
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c
CVE-2023-3195
5.5 - Medium
- June 16, 2023
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
Memory Corruption
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c
CVE-2023-34475
5.5 - Medium
- June 16, 2023
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
Dangling pointer
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c
CVE-2023-34474
5.5 - Medium
- June 16, 2023
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Memory Corruption
A vulnerability was found in ImageMagick
CVE-2023-34151
5.5 - Medium
- May 30, 2023
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Integer Overflow or Wraparound
A vulnerability was found in ImageMagick
CVE-2023-34153
7.8 - High
- May 30, 2023
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Command Injection
A vulnerability was found in ImageMagick
CVE-2023-34152
9.8 - Critical
- May 30, 2023
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Shell injection
The vulnerability was found in Moodle which exists because the application
CVE-2023-30943
5.3 - Medium
- May 02, 2023
The vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
Externally Controlled Reference to a Resource in Another Sphere
The vulnerability was found in Moodle
CVE-2023-30944
7.3 - High
- May 02, 2023
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
SQL Injection
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c
CVE-2023-1906
5.5 - Medium
- April 12, 2023
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Memory Corruption
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service
CVE-2023-0056
6.5 - Medium
- March 23, 2023
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
Resource Exhaustion
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault
CVE-2023-1289
5.5 - Medium
- March 23, 2023
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
Improper Input Validation
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker
CVE-2022-4170
9.8 - Critical
- December 09, 2022
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU
CVE-2022-4144
6.5 - Medium
- November 29, 2022
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
Out-of-bounds Read
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle
CVE-2022-45152
9.1 - Critical
- November 25, 2022
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
XSPA
Recursive rendering of Mustache template helpers containing user input could
CVE-2022-40313
7.1 - High
- September 30, 2022
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
XSS
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVE-2022-40315
9.8 - Critical
- September 30, 2022
A limited SQL injection risk was identified in the "browse list of users" site administration page.
SQL Injection
The H5P activity attempts report did not filter by groups
CVE-2022-40316
4.3 - Medium
- September 30, 2022
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
AuthZ
A heap buffer overflow issue was found in ImageMagick
CVE-2022-3213
5.5 - Medium
- September 19, 2022
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
Memory Corruption
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
CVE-2022-0367
7.8 - High
- August 29, 2022
A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
Memory Corruption
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring
CVE-2020-14394
3.2 - Low
- August 17, 2022
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
Infinite Loop
In ImageMagick
CVE-2022-2719
5.5 - Medium
- August 10, 2022
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
assertion failure
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134
CVE-2022-2163
8.8 - High
- July 28, 2022
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.
Dangling pointer
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114
CVE-2022-2294
8.8 - High
- July 28, 2022
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Memory Corruption
Type confusion in V8 in Google Chrome prior to 103.0.5060.114
CVE-2022-2295
8.8 - High
- July 28, 2022
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Object Type Confusion
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114
CVE-2022-2296
8.8 - High
- July 28, 2022
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
Dangling pointer
Type confusion in V8 in Google Chrome prior to 103.0.5060.53
CVE-2022-2158
8.8 - High
- July 28, 2022
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Dangling pointer
A vulnerability was found in ImageMagick
CVE-2022-32545
7.8 - High
- June 16, 2022
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Integer Overflow or Wraparound
A vulnerability was found in ImageMagick
CVE-2022-32546
7.8 - High
- June 16, 2022
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Integer Overflow or Wraparound
In ImageMagick, there is a load of a misaligned address for type 'double'
CVE-2022-32547
7.8 - High
- June 16, 2022
In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Incorrect Type Conversion or Cast
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP)
CVE-2022-24882
7.5 - High
- April 26, 2022
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1
CVE-2022-28327
7.5 - High
- April 20, 2022
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection
CVE-2022-25648
9.8 - Critical
- April 19, 2022
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Argument Injection
An SQL injection risk was identified in Badges code relating to configuring criteria
CVE-2022-0983
8.8 - High
- March 25, 2022
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
SQL Injection
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go
CVE-2022-27191
7.5 - High
- March 18, 2022
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
A flaw was found in keepass
CVE-2022-0725
7.5 - High
- March 10, 2022
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
Insertion of Sensitive Information into Log File
There's a flaw in urllib's AbstractBasicAuthHandler class
CVE-2021-3733
6.5 - Medium
- March 10, 2022
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Resource Exhaustion
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access
CVE-2022-0546
7.8 - High
- February 24, 2022
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
Integer Overflow or Wraparound
client_golang is the instrumentation library for Go applications in Prometheus
CVE-2022-21698
7.5 - High
- February 15, 2022
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.
Allocation of Resources Without Limits or Throttling
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
CVE-2022-0571
6.1 - Medium
- February 14, 2022
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
XSS
In strongSwan before 5.9.5, a malicious responder
CVE-2021-45079
9.1 - Critical
- January 31, 2022
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
NULL Pointer Dereference
An issue was discovered in uriparser before 0.9.6
CVE-2021-46142
5.5 - Medium
- January 06, 2022
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.
Dangling pointer
An issue was discovered in uriparser before 0.9.6
CVE-2021-46141
5.5 - Medium
- January 06, 2022
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.
Dangling pointer
This affects the package celery before 5.2.2
CVE-2021-23727
7.5 - High
- December 29, 2021
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.
Command Injection
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
CVE-2021-43558
6.1 - Medium
- November 22, 2021
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
XSS
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
CVE-2021-43559
8.8 - High
- November 22, 2021
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Session Riding
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
CVE-2021-43560
5.3 - Medium
- November 22, 2021
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Exposure of Resource to Wrong Sphere
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0
CVE-2021-21897
8.8 - High
- September 08, 2021
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Integer underflow
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution
CVE-2021-38714
8.8 - High
- August 24, 2021
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file.
Integer Overflow or Wraparound
A flaw was found in mbsync before v1.3.5 and v1.4.1
CVE-2021-20247
7.4 - High
- February 23, 2021
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur, allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.
Directory traversal
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0
CVE-2020-27842
5.5 - Medium
- January 05, 2021
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
Out-of-bounds Read
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0
CVE-2020-27818
3.3 - Low
- December 08, 2020
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Out-of-bounds Read
An issue was discovered in Pure-FTPd 1.0.49
CVE-2020-9274
7.5 - High
- February 26, 2020
An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
Access of Uninitialized Pointer
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database
CVE-2020-7106
6.1 - Medium
- January 16, 2020
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
XSS
