Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-4144 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU.
local
low complexity
qemu fedoraproject redhat CWE-125
6.5
2022-11-23 CVE-2022-45149 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL.
network
low complexity
moodle fedoraproject CWE-352
5.4
2022-11-23 CVE-2022-45150 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting vulnerability was discovered in Moodle.
network
low complexity
moodle fedoraproject CWE-79
6.1
2022-11-23 CVE-2022-45151 Cross-site Scripting vulnerability in multiple products
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields.
network
low complexity
moodle fedoraproject CWE-79
5.4
2022-11-22 CVE-2022-3500 Uncaught Exception vulnerability in multiple products
A vulnerability was found in keylime.
local
high complexity
keylime redhat fedoraproject CWE-248
5.1
2022-11-08 CVE-2022-3821 Off-by-one Error vulnerability in multiple products
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c.
5.5
2022-11-01 CVE-2022-42799 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The issue was addressed with improved UI handling.
network
low complexity
apple fedoraproject CWE-1021
6.1
2022-11-01 CVE-2022-42310 Incomplete Cleanup vulnerability in multiple products
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created.
local
low complexity
xen debian fedoraproject CWE-459
5.5
2022-11-01 CVE-2022-42317 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2022-11-01 CVE-2022-42318 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored.
local
low complexity
xen debian fedoraproject CWE-770
6.5