Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-30	CVE-2022-40316	Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. network low complexity moodle fedoraproject CWE-862	4.3
2022-09-29	CVE-2022-3352	Use After Free in GitHub repository vim/vim prior to 9.0.0614. local low complexity vim fedoraproject debian	7.8
2022-09-29	CVE-2014-0147	Integer Overflow or Wraparound vulnerability in multiple products Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. local low complexity qemu fedoraproject redhat CWE-190	6.2
2022-09-28	CVE-2022-31628	Infinite Loop vulnerability in multiple products In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. local low complexity php fedoraproject debian CWE-835	5.5
2022-09-28	CVE-2022-31629	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. network low complexity php fedoraproject debian	6.5
2022-09-28	CVE-2022-39264	nheko is a desktop client for the Matrix communication application. network high complexity nheko-reborn fedoraproject	5.9
2022-09-28	CVE-2022-39261	Path Traversal vulnerability in multiple products Twig is a template language for PHP. network low complexity symfony drupal fedoraproject debian CWE-22	7.5
2022-09-27	CVE-2022-3324	Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. local low complexity vim fedoraproject debian	7.8
2022-09-26	CVE-2022-2852	Use After Free vulnerability in multiple products Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2022-09-26	CVE-2022-2853	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-787	8.8