Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-02 CVE-2023-30944 SQL Injection vulnerability in multiple products
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages.
network
low complexity
moodle fedoraproject CWE-89
7.3
7.3
2023-04-25 CVE-2023-29007 Injection vulnerability in multiple products
Git is a revision control system.
local
low complexity
git-scm fedoraproject CWE-74
7.8
7.8
2023-04-25 CVE-2023-25652 Path Traversal vulnerability in multiple products
Git is a revision control system.
network
low complexity
git-scm fedoraproject CWE-22
7.5
7.5
2023-04-25 CVE-2022-42335 NULL Pointer Dereference vulnerability in multiple products
x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode.
local
low complexity
xen fedoraproject CWE-476
7.8
7.8
2023-04-19 CVE-2023-2133 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
8.8
2023-04-19 CVE-2023-2134 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
8.8
2023-04-19 CVE-2023-2135 Use After Free vulnerability in multiple products
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page.
network
high complexity
google debian fedoraproject CWE-416
7.5
7.5
2023-04-19 CVE-2023-2137 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
8.8
2023-04-17 CVE-2023-29197 Interpretation Conflict vulnerability in multiple products
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP.
network
low complexity
guzzlephp fedoraproject CWE-436
7.5
7.5
2023-04-15 CVE-2021-43612 Out-of-bounds Write vulnerability in multiple products
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets.
network
low complexity
lldpd-project fedoraproject CWE-787
7.5
7.5