Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-4283 Use After Free vulnerability in multiple products
A vulnerability was found in X.Org.
local
low complexity
x-org fedoraproject redhat debian CWE-416
7.8
7.8
2022-12-13 CVE-2022-4223 Missing Authorization vulnerability in multiple products
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore.
network
low complexity
postgresql fedoraproject CWE-862
8.8
8.8
2022-12-09 CVE-2022-4170 The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
network
low complexity
rxvt-unicode-project fedoraproject
critical
 9.8
9.8
2022-12-08 CVE-2022-41717 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests.
network
low complexity
golang fedoraproject CWE-770
5.3
5.3
2022-12-08 CVE-2022-4122 A vulnerability was found in buildah.
network
low complexity
podman-project fedoraproject
5.3
5.3
2022-12-08 CVE-2022-4123 Path Traversal vulnerability in multiple products
A flaw was found in Buildah.
local
low complexity
podman-project fedoraproject CWE-22
3.3
3.3
2022-12-06 CVE-2022-24439 Improper Input Validation vulnerability in multiple products
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
network
low complexity
gitpython-project fedoraproject debian CWE-20
critical
 9.8
9.8
2022-12-04 CVE-2022-46391 Cross-site Scripting vulnerability in multiple products
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
network
low complexity
awstats debian fedoraproject CWE-79
6.1
6.1
2022-11-30 CVE-2022-46149 Cap'n Proto is a data interchange format and remote procedure call (RPC) system.
network
low complexity
capnproto fedoraproject
5.4
5.4
2022-11-29 CVE-2022-4144 An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat
6.5
6.5