Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-07-25 CVE-2022-35653 Cross-site Scripting vulnerability in multiple products
A reflected XSS issue was identified in the LTI module of Moodle.
network
low complexity
moodle fedoraproject redhat CWE-79
6.1
6.1
2022-07-25 CVE-2020-7677 This affects the package thenify before 3.3.1.
network
low complexity
thenify-project debian fedoraproject
critical
 9.8
9.8
2022-07-25 CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system.
network
low complexity
linuxfoundation redhat fedoraproject
critical
 9.1
9.1
2022-07-24 CVE-2021-46829 Integer Overflow or Wraparound vulnerability in multiple products
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.
local
low complexity
gnome fedoraproject debian CWE-190
7.8
7.8
2022-07-20 CVE-2022-31160 jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.
network
low complexity
jqueryui netapp drupal fedoraproject debian
6.1
6.1
2022-07-19 CVE-2022-2476 A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access.
local
low complexity
wavpack fedoraproject
5.5
5.5
2022-07-19 CVE-2022-34169 Incorrect Conversion between Numeric Types vulnerability in multiple products
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. 		7.5
7.5
2022-07-14 CVE-2022-32323 Out-of-bounds Write vulnerability in multiple products
AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.
local
low complexity
autotrace-project fedoraproject CWE-787
7.3
7.3
2022-07-14 CVE-2022-23825 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
local
low complexity
debian fedoraproject amd vmware CWE-668
6.5
6.5
2022-07-14 CVE-2022-32212 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
network
high complexity
nodejs debian fedoraproject siemens CWE-78
8.1
8.1