Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-4144 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat CWE-125
6.5
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
9.1
2022-11-23 CVE-2022-45149 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL.
network
low complexity
moodle fedoraproject CWE-352
5.4
2022-11-23 CVE-2022-45150 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting vulnerability was discovered in Moodle.
network
low complexity
moodle fedoraproject CWE-79
6.1
2022-11-23 CVE-2022-45151 Cross-site Scripting vulnerability in multiple products
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields.
network
low complexity
moodle fedoraproject CWE-79
5.4
2022-11-22 CVE-2022-3500 Uncaught Exception vulnerability in multiple products
A vulnerability was found in keylime.
local
high complexity
keylime redhat fedoraproject CWE-248
5.1
2022-11-10 CVE-2022-45063 Command Injection vulnerability in multiple products
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh.
network
low complexity
invisible-island fedoraproject CWE-77
critical
9.8
2022-11-09 CVE-2022-45059 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1.
7.5
2022-11-09 CVE-2022-45060 An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. 7.5
2022-11-08 CVE-2022-3821 Off-by-one Error vulnerability in multiple products
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c.
5.5