Total
5271 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23614 | 3 Debian, Fedoraproject, Symfony | 3 Debian Linux, Fedora, Twig | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. | |||||
CVE-2022-23613 | 2 Fedoraproject, Neutrinolabs | 2 Fedora, Xrdp | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds. | |||||
CVE-2022-23598 | 2 Fedoraproject, Getlaminas | 2 Fedora, Laminas-form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value was not being escaped for HTML contexts, which could potentially lead to a reflected cross-site scripting attack. Versions 3.1.1 and above contain a patch to mitigate the vulnerability. A workaround is available. One may manually place code at the top of a view script where one calls the `formElementErrors()` view helper. More information about this workaround is available on the GitHub Security Advisory. | |||||
CVE-2022-23304 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | |||||
CVE-2022-23303 | 2 Fedoraproject, W1.fi | 3 Fedora, Hostapd, Wpa Supplicant | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | |||||
CVE-2022-23222 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | |||||
CVE-2022-23133 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. | |||||
CVE-2022-23132 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2024-11-21 | 7.5 HIGH | 3.3 LOW |
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level | |||||
CVE-2022-23094 | 3 Debian, Fedoraproject, Libreswan | 3 Debian Linux, Fedora, Libreswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. | |||||
CVE-2022-23035 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 4.7 MEDIUM | 4.6 MEDIUM |
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid. | |||||
CVE-2022-23034 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. | |||||
CVE-2022-23033 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. | |||||
CVE-2022-22995 | 3 Fedoraproject, Netatalk, Westerndigital | 24 Fedora, Netatalk, My Cloud and 21 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. | |||||
CVE-2022-22818 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS. | |||||
CVE-2022-22728 | 3 Apache, Debian, Fedoraproject | 3 Libapreq2, Debian Linux, Fedora | 2024-11-21 | N/A | 7.5 HIGH |
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | |||||
CVE-2022-22721 | 5 Apache, Apple, Debian and 2 more | 8 Http Server, Mac Os X, Macos and 5 more | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||||
CVE-2022-22720 | 5 Apache, Apple, Debian and 2 more | 8 Http Server, Mac Os X, Macos and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | |||||
CVE-2022-22719 | 5 Apache, Apple, Debian and 2 more | 7 Http Server, Mac Os X, Macos and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||||
CVE-2022-22662 | 2 Apple, Fedoraproject | 3 Mac Os X, Macos, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. | |||||
CVE-2022-21986 | 2 Fedoraproject, Microsoft | 4 Fedora, .net, Visual Studio 2019 and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
.NET Denial of Service Vulnerability |