Vulnerabilities > Fedoraproject > Fedora > 37

DATE CVE VULNERABILITY TITLE RISK
2022-09-14 CVE-2022-40626 Cross-site Scripting vulnerability in multiple products
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
network
low complexity
zabbix fedoraproject CWE-79
6.1
6.1
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
high complexity
libexpat-project debian fedoraproject CWE-416
8.1
8.1
2022-09-13 CVE-2022-3190 Infinite Loop vulnerability in multiple products
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
local
low complexity
wireshark fedoraproject CWE-835
5.5
5.5
2022-09-09 CVE-2022-36087 OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+.
network
low complexity
oauthlib-project fedoraproject
6.5
6.5
2022-09-09 CVE-2022-40320 Out-of-bounds Read vulnerability in multiple products
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
network
low complexity
libconfuse-project fedoraproject CWE-125
8.8
8.8
2022-09-09 CVE-2022-36109 Moby is an open-source project created by Docker to enable software containerization.
network
low complexity
mobyproject fedoraproject
6.3
6.3
2022-09-09 CVE-2020-10735 Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in python.
network
low complexity
python redhat fedoraproject CWE-704
7.5
7.5
2022-09-09 CVE-2022-25765 The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
network
low complexity
pdfkit-project fedoraproject
critical
 9.8
9.8
2022-09-06 CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
network
low complexity
golang fedoraproject
7.5
7.5
2022-09-05 CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
network
low complexity
dokuwiki fedoraproject
6.1
6.1