Medium: vim

Issue Overview: A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utfptr2char function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into...

Medium: booth

Issue Overview: The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. CVE-2022-2553...

Medium: babel

Issue Overview: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution. CVE-2021-42771 Affected Packages: babel Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Important: nodejs

Issue Overview: This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. CVE-2022-25881 Affected Packages: nodejs Issue...

Critical: nss

Issue Overview: NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using...

Medium: apr-util

Issue Overview: 2023-05-23: The severity level was changed from Critical to Medium. Integer Overflow or Wraparound vulnerability in aprbase64 functions of Apache Portable Runtime Utility APR-util allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime...

Medium: bash

Issue Overview: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parametertransform. This issue may lead to memory problems. CVE-2022-3715 Affected Packages: bash Issue Correction: Run dnf update bash --releasever 2023.0.20230322 or dnf update --advisory...

Critical: apr

Issue Overview: An out-of-bounds array read in the aprtimeexp functions was fixed in the Apache Portable Runtime 1.6.3 release CVE-2017-12613. The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same...

Low: unzip

Issue Overview: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. CVE-2021-4217 A flaw was found i...

Important: sudo

Issue Overview: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven...

Important: subversion

Issue Overview: A flaw was found in Subversion. When using path-based authorization authz, the helper function detectchanged does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its copyfrom path the path to the protected...

Medium: libxml2

Issue Overview: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow,...

Medium: ImageMagick

Issue Overview: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input. CVE-2022-44267 ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image e.g., for resize...

Important: python-pillow

Issue Overview: A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or...

Medium: libsndfile

Issue Overview: An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via tricking a user to open or otherwise to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read...

Medium: harfbuzz

Issue Overview: HarfBuzz 2.9.0 has an out-of-bounds write in hbbitsetinvertiblet::set called from hbsparsesett::set and hbsetcopy. CVE-2021-45931 Affected Packages: harfbuzz Issue Correction: Run dnf update harfbuzz --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-036...

Medium: dnsmasq

Issue Overview: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. CVE-2022-0934 Affected Packages: dnsmasq Issue Correction: Run dnf update dnsmasq...

Medium: fribidi

Issue Overview: A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. CVE-2022-25308 A heap-based buffer overflow flaw was found i...

Low: libsolv

Issue Overview: A flaw was found in libsolv. A buffer overflow vulnerability could cause a denial of service. The highest threat from this vulnerability is to system availability. CVE-2021-3200 Affected Packages: libsolv Issue Correction: Run dnf update libsolv --releasever 2023.0.20230322 or dnf...

Important: xz

Issue Overview: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to...

Medium: flac

Issue Overview: An out-of-bounds write vulnerability was found in libFlak. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure. CVE-2021-0561 Affected Packages: flac Issue Correctio...

Medium: curl

Issue Overview: A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. CVE-2023-23914 A flaw was fou...

Important: wireshark

Issue Overview: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file CVE-2022-4344 Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and...

Important: tomcat9

Issue Overview: If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length...

Medium: python3.9

Issue Overview: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16,...

Critical: maven-shared-utils

Issue Overview: org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...

Critical: expat

Issue Overview: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an...

Important: git

Issue Overview: Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be set for path...

Important: mariadb105

Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

Important: openssl

Issue Overview: The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve...

Medium: util-linux

Issue Overview: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a pref...

Medium: git

Issue Overview: Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git...

Important: python-pillow

Issue Overview: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...

Medium: cpio

Issue Overview: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the ...

Medium: e2fsprogs

Issue Overview: An out-of-bounds read/write vulnerability was found in e2fsprogs. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. CVE-2022-1304 Affected Packages: e2fsprogs Issue Correction: Run dnf update e2fsprogs --releasever...

Medium: xmlsec1

Issue Overview: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a...

Medium: microcode_ctl

Issue Overview: Improper access control for some 3rd Generation IntelR XeonR Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. CVE-2021-33117 add CVE-2022-0005 A flaw was found in hw. Improper access control for...

Important: python-lxml

Issue Overview: There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web...

Medium: openssl

Issue Overview: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in...

Medium: ghostscript

Issue Overview: A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an initdeviceprocs defined for the device that uses it as a prototype that depends upon the numbe...

Low: wget

Issue Overview: No CVE associated with this advisory Affected Packages: wget Issue Correction: Run dnf update wget --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-012 --releasever 2023.0.20230322 to update your system. More information on how to update your system can be found...

Medium: xdg-utils

Issue Overview: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches...

Medium: dbus

Issue Overview: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVE-2022-42010 An...

Important: bcel

Issue Overview: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllab...

Medium: giflib

Issue Overview: An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. CVE-2020-23922 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB in gif2rgb.c:298:45. CVE-2022-28506 Affected Packages: giflib Issue Correction: Ru...

Important: libksba

Issue Overview: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

Medium: libldb

Issue Overview: A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as...

Low: docker

Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Affected Packages: docker Issue Correction: Run dnf update docker --releasever 2023.0.20230322 or dnf update --advisory...

Medium: pcre2

Issue Overview: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compilexclassmatchingpath function of the pcre2jitcompile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not full...

Important: pesign

Issue Overview: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script...