Fedora Project Fedora

By the Year

In 2022 there have been 584 vulnerabilities in Fedora Project Fedora with an average score of 7.1 out of ten. Last year Fedora had 1141 security vulnerabilities published. Right now, Fedora is on track to have fewer security vulnerabilities in 2022 than it did last year. Last year, the average CVE base score was greater by 0.04.

Year   Vulnerabilities   Average Score
2022   584               7.07
2021   1141              7.11
2020   698               6.81
2019   437               7.30
2018   62                7.19

It may take a day or so for new Fedora vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fedora Project Fedora Security Vulnerabilities

CVE-2014-0147 6.2 - Medium - September 29, 2022

Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.

Integer Overflow or Wraparound

CVE-2022-3204 7.5 - High - September 26, 2022

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.

Resource Exhaustion

CVE-2022-40188 7.5 - High - September 23, 2022

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

Resource Exhaustion

CVE-2022-35951 9.8 - Critical - September 23, 2022

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

Integer Overflow or Wraparound

CVE-2022-2795 7.5 - High - September 21, 2022

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Resource Exhaustion

CVE-2022-38177 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

CVE-2022-38178 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

CVE-2022-3080 7.5 - High - September 21, 2022

By sending specific queries to the resolver, an attacker can cause named to crash.

Injection

CVE-2022-35957 6.6 - Medium - September 20, 2022

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All installations should be upgraded as soon as possible. As a workaround deactivate auth proxy following the instructions at: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/

Authentication Bypass by Spoofing

CVE-2022-32886 8.8 - High - September 20, 2022

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

CVE-2022-3213 5.5 - Medium - September 19, 2022

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Memory Corruption

CVE-2022-40626 6.1 - Medium - September 14, 2022

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

XSS

CVE-2022-40673 7.8 - High - September 14, 2022

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.

AuthZ

CVE-2021-36568 5.4 - Medium - September 13, 2022

In certain Moodle products, after creating a course it is possible to add to an arbitrary "Topic" a resource, in this case a "Database" with the type "Text", whose "Field name" and "Field description" values are vulnerable to Stored Cross Site Scripting (XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.

XSS

CVE-2022-32190 9.8 - Critical - September 13, 2022

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

Directory traversal

CVE-2022-36109 6.3 - Medium - September 09, 2022

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.

AuthZ

CVE-2022-3169 5.5 - Medium - September 09, 2022

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.

Improper Input Validation

CVE-2020-10735 7.5 - High - September 09, 2022

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Incorrect Type Conversion or Cast

CVE-2022-27664 7.5 - High - September 06, 2022

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

CVE-2022-3123 6.1 - Medium - September 05, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.

XSS

CVE-2022-39831 7.8 - High - September 05, 2022

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.

Memory Corruption

CVE-2022-39832 7.8 - High - September 05, 2022

An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

Memory Corruption

CVE-2022-3099 7.8 - High - September 03, 2022

Use After Free in GitHub repository vim/vim prior to 9.0.0360.

Dangling pointer

CVE-2022-39170 8.8 - High - September 02, 2022

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

Double-free

CVE-2021-3826 7.5 - High - September 01, 2022

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

Memory Corruption

CVE-2022-1615 5.5 - Medium - September 01, 2022

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

Use of Insufficiently Random Values

CVE-2022-32743 7.5 - High - September 01, 2022

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.

Incorrect Default Permissions

CVE-2022-3028 7 - High - August 31, 2022

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Race Condition

CVE-2022-1354 5.5 - Medium - August 31, 2022

A heap buffer overflow flaw was found in libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

Memory Corruption

CVE-2022-1355 6.1 - Medium - August 31, 2022

A stack buffer overflow flaw was found in libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

Buffer Overflow

CVE-2022-2153 5.5 - Medium - August 31, 2022

A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

CVE-2022-1247 7 - High - August 31, 2022

An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their count and use are zero.

Race Condition

CVE-2022-2132 8.6 - High - August 31, 2022

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

CVE-2022-3037 7.8 - High - August 30, 2022

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

Dangling pointer

CVE-2022-38784 7.8 - High - August 30, 2022

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Integer Overflow or Wraparound

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

CVE-2022-2961 7 - High - August 29, 2022

A use-after-free flaw was found in the Linux kernel's PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Dangling pointer

CVE-2022-0336 8.8 - High - August 29, 2022

The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

Incorrect Default Permissions

CVE-2022-0367 7.8 - High - August 29, 2022

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

Memory Corruption

CVE-2022-3016 7.8 - High - August 28, 2022

Use After Free in GitHub repository vim/vim prior to 9.0.0286.

Dangling pointer

CVE-2021-3574 3.3 - Low - August 26, 2022

A vulnerability was found in ImageMagick-7.0.11-5 where, when a crafted file is processed with the convert command, ASAN detects memory leaks.

Memory Leak

CVE-2021-3669 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Resource Exhaustion

CVE-2022-2980 5.5 - Medium - August 25, 2022

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.

NULL Pointer Dereference

CVE-2022-2982 7.8 - High - August 25, 2022

Use After Free in GitHub repository vim/vim prior to 9.0.0260.

Dangling pointer

CVE-2021-35937 6.4 - Medium - August 25, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

insecure temporary file

CVE-2021-35938 7.8 - High - August 25, 2022

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

insecure temporary file

CVE-2021-3929 8.2 - High - August 25, 2022

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.

Dangling pointer

CVE-2021-3979 6.5 - Medium - August 25, 2022

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

Use of a Broken or Risky Cryptographic Algorithm

CVE-2022-22728 7.5 - High - August 25, 2022

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

Classic Buffer Overflow

CVE-2022-32893 8.8 - High - August 24, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Memory Corruption

CVE-2022-32793 7.5 - High - August 24, 2022

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.

Memory Corruption

CVE-2021-4217 7.8 - High - August 24, 2022

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

NULL Pointer Dereference

CVE-2021-3995 5.5 - Medium - August 23, 2022

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Files or Directories Accessible to External Parties

CVE-2021-3996 5.5 - Medium - August 23, 2022

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.

Files or Directories Accessible to External Parties

CVE-2022-2938 7.8 - High - August 23, 2022

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

Dangling pointer

CVE-2021-3997 5.5 - Medium - August 23, 2022

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

Stack Exhaustion

CVE-2021-3975 6.5 - Medium - August 23, 2022

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Dangling pointer

CVE-2022-2946 7.8 - High - August 23, 2022

Use After Free in GitHub repository vim/vim prior to 9.0.0246.

Dangling pointer

CVE-2021-3839 7.5 - High - August 23, 2022

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Out-of-bounds Read

CVE-2021-3670 6.5 - Medium - August 23, 2022

MaxQueryDuration not honoured in Samba AD DC LDAP

CVE-2021-3905 7.5 - High - August 23, 2022

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.

Memory Leak

CVE-2021-23177 7.8 - High - August 23, 2022

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

insecure temporary file

CVE-2021-31566 7.8 - High - August 23, 2022

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

insecure temporary file

CVE-2022-2923 5.5 - Medium - August 22, 2022

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.

NULL Pointer Dereference

CVE-2022-2873 5.5 - Medium - August 22, 2022

An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver in the way a user triggers I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.

Incorrect Calculation of Buffer Size

CVE-2021-3659 5.5 - Medium - August 22, 2022

A NULL pointer dereference flaw was found in the Linux kernel's IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

CVE-2022-2889 7.8 - High - August 19, 2022

Use After Free in GitHub repository vim/vim prior to 9.0.0225.

Dangling pointer

CVE-2022-37049 7.8 - High - August 18, 2022

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.

Memory Corruption

CVE-2022-37048 7.8 - High - August 18, 2022

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.

Memory Corruption

CVE-2022-37047 7.8 - High - August 18, 2022

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.

Memory Corruption

CVE-2022-2625 8 - High - August 18, 2022

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Improper Control of Dynamically-Managed Code Resources

CVE-2022-2868 8.1 - High - August 17, 2022

libtiff's tiffcrop utility has an improper input validation flaw that can lead to an out-of-bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

Improper Input Validation

CVE-2022-2869 8.8 - High - August 17, 2022

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.

Out-of-bounds Read

CVE-2022-2867 8.8 - High - August 17, 2022

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.

Out-of-bounds Read

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring

CVE-2020-14394 3.2 - Low - August 17, 2022

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Infinite Loop

In Varnish Cache 7.0.0

CVE-2022-38150 7.5 - High - August 11, 2022

In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.

An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink

CVE-2021-33643 9.1 - Critical - August 10, 2022

An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read.

Out-of-bounds Read

An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longname

CVE-2021-33644 8.1 - High - August 10, 2022

An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read.

Out-of-bounds Read

The th_read() function doesn't free the variable t->th_buf.gnu_longlink after allocating memory

CVE-2021-33645 7.5 - High - August 10, 2022

The th_read() function doesn't free the variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

Memory Leak

The th_read() function doesn't free the variable t->th_buf.gnu_longname after allocating memory

CVE-2021-33646 7.5 - High - August 10, 2022

The th_read() function doesn't free the variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

Memory Leak

A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially

CVE-2022-32189 7.5 - High - August 10, 2022

A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

In ImageMagick

CVE-2022-2719 5.5 - Medium - August 10, 2022

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

assertion failure

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker

CVE-2022-30629 3.1 - Low - August 10, 2022

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

Use of Insufficiently Random Values

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c

CVE-2022-37451 7.5 - High - August 06, 2022

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

Release of Invalid Pointer or Reference

A flaw was found in KVM

CVE-2022-1158 7.8 - High - August 05, 2022

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Dangling pointer

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal

CVE-2022-1973 7.1 - High - August 05, 2022

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.

Dangling pointer

A vulnerability was found in gnutls

CVE-2022-2509 7.5 - High - August 01, 2022

A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function.

Double-free

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134

CVE-2022-2163 8.8 - High - July 28, 2022

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

Dangling pointer

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114

CVE-2022-2294 8.8 - High - July 28, 2022

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Type confusion in V8 in Google Chrome prior to 103.0.5060.114

CVE-2022-2295 8.8 - High - July 28, 2022

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114

CVE-2022-2296 8.8 - High - July 28, 2022

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

Dangling pointer

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53

CVE-2022-2161 8.8 - High - July 28, 2022

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Dangling pointer

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53

CVE-2022-2162 8.8 - High - July 28, 2022

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53

CVE-2022-2164 6.3 - Medium - July 28, 2022

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53

CVE-2022-2160 6.5 - Medium - July 28, 2022

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page.

Exposure of Resource to Wrong Sphere

Type confusion in V8 in Google Chrome prior to 103.0.5060.53

CVE-2022-2158 8.8 - High - July 28, 2022

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Use after free in Core in Google Chrome prior to 103.0.5060.53

CVE-2022-2156 8.8 - High - July 28, 2022

Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53

CVE-2022-2157 8.8 - High - July 28, 2022

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53

CVE-2022-2165 4.3 - Medium - July 28, 2022

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

Insufficient TLB flush for x86 PV guests in shadow mode. For migration, as well as to work around kernels unaware of L1TF (see XSA-273)

CVE-2022-33745 8.8 - High - July 26, 2022

Insufficient TLB flush for x86 PV guests in shadow mode. For migration, as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable whose meaning / value changes between the old and new code positions. The now wrong use of the variable led to a wrong TLB flush condition, omitting flushes where they are necessary.
