Filtered by vendor Fedoraproject
Subscriptions
Total
5398 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37048 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
| The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941. | ||||
| CVE-2022-37047 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.8 High |
| The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940. | ||||
| CVE-2022-36440 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-11-21 | 7.5 High |
| A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | ||||
| CVE-2022-36227 | 5 Debian, Fedoraproject, Libarchive and 2 more | 6 Debian Linux, Fedora, Libarchive and 3 more | 2024-11-21 | 9.8 Critical |
| In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | ||||
| CVE-2022-35653 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. | ||||
| CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 6.1 Medium |
| An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | ||||
| CVE-2022-35651 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. | ||||
| CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 7.5 High |
| The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | ||||
| CVE-2022-35649 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 9.8 Critical |
| The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | ||||
| CVE-2022-35020 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | ||||
| CVE-2022-35019 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a segmentation fault. | ||||
| CVE-2022-35018 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a segmentation fault. | ||||
| CVE-2022-35017 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | ||||
| CVE-2022-35016 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow. | ||||
| CVE-2022-35015 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | ||||
| CVE-2022-35014 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | 5.5 Medium |
| Advancecomp v2.3 contains a segmentation fault. | ||||
| CVE-2022-34912 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. | ||||
| CVE-2022-34911 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | ||||
| CVE-2022-34903 | 5 Debian, Fedoraproject, Gnupg and 2 more | 6 Debian Linux, Fedora, Gnupg and 3 more | 2024-11-21 | 6.5 Medium |
| GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | ||||
| CVE-2022-34749 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2024-11-21 | 7.5 High |
| In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking. | ||||