Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
 9.8
9.8
2022-09-30 CVE-2022-40316 Missing Authorization vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3
2022-09-29 CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
6.2
2022-09-28 CVE-2022-31628 Infinite Loop vulnerability in multiple products
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
local
low complexity
php fedoraproject debian CWE-835
5.5
5.5
2022-09-28 CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
network
low complexity
php fedoraproject debian
6.5
6.5
2022-09-28 CVE-2022-39264 nheko is a desktop client for the Matrix communication application.
network
high complexity
nheko-reborn fedoraproject
5.9
5.9
2022-09-28 CVE-2022-39261 Path Traversal vulnerability in multiple products
Twig is a template language for PHP.
network
low complexity
symfony drupal fedoraproject debian CWE-22
7.5
7.5
2022-09-27 CVE-2022-3324 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-26 CVE-2022-2852 Use After Free vulnerability in multiple products
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8