Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38791 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | ||||
| CVE-2022-38784 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 4 Debian Linux, Fedora, Poppler and 1 more | 2024-11-21 | 7.8 High |
| Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. | ||||
| CVE-2022-38533 | 2 Fedoraproject, Gnu | 2 Fedora, Binutils | 2024-11-21 | 5.5 Medium |
| In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | ||||
| CVE-2022-37451 | 2 Exim, Fedoraproject | 2 Exim, Fedora | 2024-11-21 | 7.5 High |
| Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | ||||
| CVE-2022-37428 | 2 Fedoraproject, Powerdns | 2 Fedora, Recursor | 2024-11-21 | 6.5 Medium |
| PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. | ||||
| CVE-2022-37049 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
| The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942. | ||||
| CVE-2022-37048 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
| The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. | ||||
| CVE-2022-37047 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
| The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. | ||||
| CVE-2022-36440 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-11-21 | 7.5 High |
| A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | ||||
| CVE-2022-35653 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. | ||||
| CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 6.1 Medium |
| An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | ||||
| CVE-2022-35651 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. | ||||
| CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 7.5 High |
| The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | ||||
| CVE-2022-35649 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 9.8 Critical |
| The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | ||||
| CVE-2022-35020 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | ||||
| CVE-2022-35019 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a segmentation fault. | ||||
| CVE-2022-35018 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a segmentation fault. | ||||
| CVE-2022-35017 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | ||||
| CVE-2022-35016 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | ||||
| CVE-2022-35015 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | ||||