Total
9330 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24769 | 5 Debian, Fedoraproject, Linux and 2 more | 5 Debian Linux, Fedora, Linux Kernel and 2 more | 2024-11-21 | 4.6 MEDIUM | 5.9 MEDIUM |
| Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. | |||||
| CVE-2022-24765 | 5 Apple, Debian, Fedoraproject and 2 more | 5 Xcode, Debian Linux, Fedora and 2 more | 2024-11-21 | 6.9 MEDIUM | 6.0 MEDIUM |
| Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | |||||
| CVE-2022-24761 | 2 Agendaless, Debian | 2 Waitress, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead. | |||||
| CVE-2022-24720 | 2 Debian, Image Processing Project | 2 Debian Linux, Image Processing | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is called internally by Active Storage variants, so Active Storage is vulnerable as well. The vulnerability has been fixed in version 1.12.2 of image_processing. As a workaround, users who process based on user input should always sanitize the user input by allowing only a constrained set of operations. | |||||
| CVE-2022-24713 | 3 Debian, Fedoraproject, Rust-lang | 3 Debian Linux, Fedora, Regex | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. | |||||
| CVE-2022-24448 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. | |||||
| CVE-2022-24407 | 5 Cyrusimap, Debian, Fedoraproject and 2 more | 8 Cyrus-sasl, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | |||||
| CVE-2022-24302 | 3 Debian, Fedoraproject, Paramiko | 3 Debian Linux, Fedora, Paramiko | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. | |||||
| CVE-2022-24301 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Minetest before 5.4.0, players can add or subtract items from a different player's inventory. | |||||
| CVE-2022-24300 | 2 Debian, Minetest | 2 Debian Linux, Minetest | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection. | |||||
| CVE-2022-24130 | 3 Debian, Fedoraproject, Invisible-island | 3 Debian Linux, Fedora, Xterm | 2024-11-21 | 2.6 LOW | 5.5 MEDIUM |
| xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | |||||
| CVE-2022-24070 | 4 Apache, Apple, Debian and 1 more | 4 Subversion, Macos, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. | |||||
| CVE-2022-23960 | 3 Arm, Debian, Xen | 42 Cortex-a57, Cortex-a57 Firmware, Cortex-a65 and 39 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
| Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | |||||
| CVE-2022-23959 | 4 Debian, Fedoraproject, Varnish-software and 1 more | 6 Debian Linux, Fedora, Varnich Cache and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | |||||
| CVE-2022-23947 | 3 Debian, Fedoraproject, Kicad | 3 Debian Linux, Fedora, Kicad Eda | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-23946 | 3 Debian, Fedoraproject, Kicad | 3 Debian Linux, Fedora, Kicad Eda | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-23837 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users. | |||||
| CVE-2022-23833 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2022-23806 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |||||