Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
 9.1
9.1
2022-11-25 CVE-2022-4141 Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
local
low complexity
vim fedoraproject
7.8
7.8
2022-11-23 CVE-2022-45873 Resource Exhaustion vulnerability in multiple products
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace.
local
low complexity
systemd-project fedoraproject CWE-400
5.5
5.5
2022-11-23 CVE-2022-44789 Out-of-bounds Write vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian fedoraproject CWE-787
8.8
8.8
2022-11-23 CVE-2022-45866 Path Traversal vulnerability in multiple products
qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file.
network
low complexity
qpress-project fedoraproject CWE-22
5.3
5.3
2022-11-23 CVE-2022-45149 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL.
network
low complexity
moodle fedoraproject CWE-352
5.4
5.4
2022-11-23 CVE-2022-45150 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting vulnerability was discovered in Moodle.
network
low complexity
moodle fedoraproject CWE-79
6.1
6.1
2022-11-23 CVE-2022-45151 Cross-site Scripting vulnerability in multiple products
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields.
network
low complexity
moodle fedoraproject CWE-79
5.4
5.4
2022-11-22 CVE-2022-3500 A vulnerability was found in keylime.
local
high complexity
keylime redhat fedoraproject
5.1
5.1
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
 9.8
9.8