Fedora Security Vulnerabilities
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
7.8CVSS
8AI Score
0.095EPSS
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
7.8CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
7.8CVSS
7.3AI Score
0.0004EPSS
7.1CVSS
6.7AI Score
0.001EPSS
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
7.1CVSS
6.7AI Score
0.001EPSS
7.8CVSS
7.4AI Score
0.001EPSS
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
7.1CVSS
6.7AI Score
0.001EPSS
7.1CVSS
6.6AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
5.5CVSS
5.3AI Score
0.002EPSS
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
5.5CVSS
5.3AI Score
0.002EPSS
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
7.8CVSS
7.8AI Score
0.001EPSS
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
9.8CVSS
9.3AI Score
0.007EPSS
7.8CVSS
7.6AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.002EPSS
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
5.5CVSS
6AI Score
0.001EPSS
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
5.5CVSS
5.9AI Score
0.001EPSS
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.
6.1CVSS
5.9AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
7.5CVSS
8.3AI Score
0.004EPSS
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
9.8CVSS
9.2AI Score
0.01EPSS
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
7.5CVSS
8.3AI Score
0.004EPSS
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
6.5CVSS
7.7AI Score
0.004EPSS
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
7.5CVSS
8.3AI Score
0.004EPSS
6.5CVSS
6AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a...
9.1CVSS
8.9AI Score
0.001EPSS
7.8CVSS
8AI Score
0.001EPSS
7.8CVSS
8.1AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
5.5CVSS
6.2AI Score
0.001EPSS
7.1CVSS
7.3AI Score
0.001EPSS
5.5CVSS
6.8AI Score
0.001EPSS
A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
7.5CVSS
7.2AI Score
0.002EPSS
8.8CVSS
8.6AI Score
0.003EPSS
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
9.8CVSS
9.4AI Score
0.003EPSS
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page c...
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service
6.5CVSS
6.2AI Score
0.002EPSS
9.1CVSS
9AI Score
0.002EPSS
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
6.5CVSS
6.3AI Score
0.006EPSS
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-depende...
7.1CVSS
7.2AI Score
0.009EPSS
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
5.5CVSS
5.7AI Score
0.002EPSS
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
7.7CVSS
6AI Score
0.002EPSS
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
5.5CVSS
5.8AI Score
0.002EPSS
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
5.5CVSS
5.9AI Score
0.002EPSS
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
7.8CVSS
7.7AI Score
0.001EPSS
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
8.8CVSS
8.8AI Score
0.001EPSS
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
4.3CVSS
6AI Score
0.001EPSS