Fedoraproject >> Fedora >> 36: Security Vulnerabilities
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2022-03-03
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
CVSS Score: 7.5; EPSS Score: 0.046; Published: 2022-03-03
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
CVSS Score: 8.8; EPSS Score: 0.006; Published: 2022-02-24
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2022-02-24
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS Score: 6.8; EPSS Score: 0.003; Published: 2022-02-24
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS Score: 7.3; EPSS Score: 0.003; Published: 2022-02-23
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS Score: 5.3; EPSS Score: 0.003; Published: 2022-02-22
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS Score: 5.9; EPSS Score: 0.004; Published: 2022-02-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS Score: 7.8; EPSS Score: 0.004; Published: 2022-02-22
An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobbler local installation. In the case of an easy-to-guess password, it's trivial to obtain the plaintext string. The settings.yaml file contains secrets such as the hashed default password.
CVSS Score: 7.1; EPSS Score: 0.0; Published: 2022-02-20