Filtered by vendor Fedoraproject Subscriptions
Total 5192 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-1247 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2024-08-02 7.0 High
An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.
CVE-2022-1231 2 Fedoraproject, Plantuml 2 Fedora, Plantuml 2024-08-02 6.1 Medium
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).
CVE-2022-1204 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-08-02 5.5 Medium
A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
CVE-2022-1160 2 Fedoraproject, Vim 2 Fedora, Vim 2024-08-02 7.8 High
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
CVE-2022-1154 5 Debian, Fedoraproject, Oracle and 2 more 5 Debian Linux, Fedora, Communications Cloud Native Core Network Exposure Function and 2 more 2024-08-02 7.8 High
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1158 3 Fedoraproject, Linux, Redhat 8 Fedora, Linux Kernel, Enterprise Linux and 5 more 2024-08-02 7.8 High
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.
CVE-2022-1122 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-08-02 5.5 Medium
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
CVE-2022-1055 5 Canonical, Fedoraproject, Linux and 2 more 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more 2024-08-02 7.8 High
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-1015 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2024-08-02 6.6 Medium
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
CVE-2022-0996 2 Fedoraproject, Redhat 4 Fedora, 389 Directory Server, Enterprise Linux and 1 more 2024-08-02 6.5 Medium
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
CVE-2022-1053 2 Fedoraproject, Keylime 2 Fedora, Keylime 2024-08-02 9.1 Critical
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1,
CVE-2022-0984 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-02 4.3 Medium
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVE-2022-1011 6 Debian, Fedoraproject, Linux and 3 more 39 Debian Linux, Fedora, Linux Kernel and 36 more 2024-08-02 7.8 High
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2022-0943 5 Apple, Debian, Fedoraproject and 2 more 5 Macos, Debian Linux, Fedora and 2 more 2024-08-02 7.8 High
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-0995 3 Fedoraproject, Linux, Netapp 24 Fedora, Linux Kernel, H300e and 21 more 2024-08-02 7.8 High
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
CVE-2022-0924 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-08-02 5.5 Medium
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
CVE-2022-0983 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 8.8 High
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVE-2022-0908 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-08-02 7.7 High
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
CVE-2022-0907 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2024-08-02 5.5 Medium
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
CVE-2022-0891 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-08-02 6.1 Medium
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact