Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-4172 An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions.
local
low complexity
qemu fedoraproject
6.5
6.5
2022-11-28 CVE-2022-4129 Improper Locking vulnerability in multiple products
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP).
local
low complexity
linux fedoraproject CWE-667
5.5
5.5
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
7.8
2022-11-27 CVE-2022-45934 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.10.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8
7.8
2022-11-25 CVE-2022-39346 Nextcloud server is an open source personal cloud server.
network
low complexity
nextcloud fedoraproject
6.5
6.5
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
 9.1
9.1
2022-11-25 CVE-2022-4141 Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
local
low complexity
vim fedoraproject
7.8
7.8
2022-11-23 CVE-2022-45873 Resource Exhaustion vulnerability in multiple products
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace.
local
low complexity
systemd-project fedoraproject CWE-400
5.5
5.5
2022-11-23 CVE-2022-44789 Out-of-bounds Write vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian fedoraproject CWE-787
8.8
8.8
2022-11-23 CVE-2022-45866 Path Traversal vulnerability in multiple products
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
network
low complexity
qpress-project fedoraproject CWE-22
5.3
5.3