Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-42012 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2.
network
low complexity
freedesktop fedoraproject
6.5
6.5
2022-10-08 CVE-2022-3435 A vulnerability classified as problematic has been found in Linux Kernel.
network
low complexity
linux fedoraproject debian
4.3
4.3
2022-10-07 CVE-2022-3275 Command injection is possible in the puppetlabs-apt module prior to version 9.0.0.
network
low complexity
puppet fedoraproject
critical
 9.8
9.8
2022-10-06 CVE-2022-41556 Memory Leak vulnerability in multiple products
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients.
network
low complexity
lighttpd fedoraproject CWE-401
7.5
7.5
2022-09-30 CVE-2022-40313 Cross-site Scripting vulnerability in multiple products
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
network
low complexity
moodle fedoraproject CWE-79
7.1
7.1
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
 9.8
9.8
2022-09-30 CVE-2022-40316 Missing Authorization vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3
2022-09-29 CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
6.2
2022-09-28 CVE-2022-31628 Infinite Loop vulnerability in multiple products
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
local
low complexity
php fedoraproject debian CWE-835
5.5
5.5