Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-42011 Improper Validation of Array Index vulnerability in multiple products
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2.
network
low complexity
freedesktop fedoraproject CWE-129
6.5
6.5
2022-10-10 CVE-2022-42012 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2.
network
low complexity
freedesktop fedoraproject
6.5
6.5
2022-10-08 CVE-2022-3435 A vulnerability classified as problematic has been found in Linux Kernel.
network
low complexity
linux fedoraproject debian
4.3
4.3
2022-10-07 CVE-2022-3275 Command injection is possible in the puppetlabs-apt module prior to version 9.0.0.
network
low complexity
puppet fedoraproject
critical
 9.8
9.8
2022-10-06 CVE-2022-41556 Memory Leak vulnerability in multiple products
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients.
network
low complexity
lighttpd fedoraproject CWE-401
7.5
7.5
2022-09-30 CVE-2022-40313 Cross-site Scripting vulnerability in multiple products
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
network
low complexity
moodle fedoraproject CWE-79
7.1
7.1
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
 9.8
9.8
2022-09-30 CVE-2022-40316 Missing Authorization vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3
2022-09-29 CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-29 CVE-2014-0147 Integer Overflow or Wraparound vulnerability in multiple products
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
local
low complexity
qemu fedoraproject redhat CWE-190
6.2
6.2