Fedoraproject: >> Fedora Security Vulnerabilities
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS Score
9.8
EPSS Score
0.077
Published
2022-02-18
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-17
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS Score
7.8
EPSS Score
0.023
Published
2022-02-17
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVSS Score
8.2
EPSS Score
0.001
Published
2022-02-17
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVSS Score
8.4
EPSS Score
0.01
Published
2022-02-17
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-16
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
CVSS Score
4.6
EPSS Score
0.002
Published
2022-02-16
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
CVSS Score
7.8
EPSS Score
0.023
Published
2022-02-16
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-02-16