Vulnerabilities > Fedoraproject > Fedora > 35

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
 9.8
9.8
2022-09-30 CVE-2022-40316 Missing Authorization vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3
2022-09-29 CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-28 CVE-2022-31628 Infinite Loop vulnerability in multiple products
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
local
low complexity
php fedoraproject debian CWE-835
5.5
5.5
2022-09-28 CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
network
low complexity
php fedoraproject debian
6.5
6.5
2022-09-28 CVE-2022-39261 Path Traversal vulnerability in multiple products
Twig is a template language for PHP.
network
low complexity
symfony drupal fedoraproject debian CWE-22
7.5
7.5
2022-09-27 CVE-2022-3324 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-26 CVE-2022-3204 Resource Exhaustion vulnerability in multiple products
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software.
network
low complexity
nlnetlabs fedoraproject CWE-400
7.5
7.5
2022-09-25 CVE-2022-3297 Use After Free in GitHub repository vim/vim prior to 9.0.0579.
local
low complexity
vim fedoraproject
7.8
7.8
2022-09-25 CVE-2022-3296 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
local
low complexity
vim fedoraproject
7.8
7.8