Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-09-15 CVE-2022-39209 Algorithmic Complexity vulnerability in multiple products
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.
network
low complexity
github fedoraproject CWE-407
6.5
6.5
2022-09-14 CVE-2022-40626 Cross-site Scripting vulnerability in multiple products
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
network
low complexity
zabbix fedoraproject CWE-79
6.1
6.1
2022-09-14 CVE-2022-40673 Missing Authorization vulnerability in multiple products
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
local
low complexity
kdiskmark-project fedoraproject CWE-862
7.8
7.8
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
high complexity
libexpat-project debian fedoraproject CWE-416
8.1
8.1
2022-09-13 CVE-2021-36568 Cross-site Scripting vulnerability in multiple products
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS).
network
low complexity
moodle fedoraproject CWE-79
5.4
5.4
2022-09-13 CVE-2022-3190 Infinite Loop vulnerability in multiple products
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
local
low complexity
wireshark fedoraproject CWE-835
5.5
5.5
2022-09-09 CVE-2022-36087 OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+.
network
low complexity
oauthlib-project fedoraproject
6.5
6.5
2022-09-09 CVE-2022-40320 Out-of-bounds Read vulnerability in multiple products
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
network
low complexity
libconfuse-project fedoraproject CWE-125
8.8
8.8
2022-09-09 CVE-2022-36109 Moby is an open-source project created by Docker to enable software containerization.
network
low complexity
mobyproject fedoraproject
6.3
6.3
2022-09-09 CVE-2022-3169 A flaw was found in the Linux kernel.
local
low complexity
linux fedoraproject debian
5.5
5.5