CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora » 36 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-35653 79 Exec Code XSS 2022-07-25 2022-07-28
0.0
None ??? ??? ??? ??? ??? ???
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
2 CVE-2022-35652 601 2022-07-25 2022-08-01
0.0
None ??? ??? ??? ??? ??? ???
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
3 CVE-2022-35651 79 Exec Code XSS 2022-07-25 2022-07-29
0.0
None ??? ??? ??? ??? ??? ???
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
4 CVE-2022-35650 20 Dir. Trav. 2022-07-25 2022-08-01
0.0
None ??? ??? ??? ??? ??? ???
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
5 CVE-2022-35649 20 Exec Code 2022-07-25 2022-08-01
0.0
None ??? ??? ??? ??? ??? ???
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6 CVE-2022-34903 74 2022-07-01 2022-07-28
5.8
None Remote Medium Not required Partial Partial None
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
7 CVE-2022-34169 681 Exec Code 2022-07-19 2022-08-08
0.0
None ??? ??? ??? ??? ??? ???
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
8 CVE-2022-33745 2022-07-26 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
9 CVE-2022-33742 200 +Info 2022-07-05 2022-07-27
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
10 CVE-2022-33741 200 +Info 2022-07-05 2022-07-27
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
11 CVE-2022-33740 200 +Info 2022-07-05 2022-07-27
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
12 CVE-2022-32547 704 2022-06-16 2022-06-30
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
13 CVE-2022-32546 190 2022-06-16 2022-06-30
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
14 CVE-2022-32545 190 2022-06-16 2022-06-30
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
15 CVE-2022-31052 674 2022-06-28 2022-07-09
3.5
None Remote Medium ??? None None Partial
Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to false.
16 CVE-2022-30600 682 Bypass 2022-05-18 2022-06-13
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
17 CVE-2022-30599 89 Sql 2022-05-18 2022-06-13
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
18 CVE-2022-30598 2022-05-18 2022-06-13
4.0
None Remote Low ??? Partial None None
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
19 CVE-2022-30597 2022-05-18 2022-06-13
5.0
None Remote Low Not required Partial None None
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
20 CVE-2022-30596 79 XSS 2022-05-18 2022-06-13
3.5
None Remote Medium ??? None Partial None
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
21 CVE-2022-30292 787 Overflow 2022-05-04 2022-07-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
22 CVE-2022-29901 668 Exec Code Bypass 2022-07-12 2022-08-03
1.9
None Local Medium Not required Partial None None
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
23 CVE-2022-29900 200 Exec Code +Info 2022-07-12 2022-07-29
2.1
None Local Low Not required Partial None None
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
24 CVE-2022-29824 190 Overflow 2022-05-03 2022-07-25
4.3
None Remote Medium Not required None None Partial
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
25 CVE-2022-29217 327 2022-05-24 2022-06-07
5.0
None Remote Low Not required None Partial None
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.
26 CVE-2022-29117 400 DoS 2022-05-10 2022-05-23
5.0
None Remote Low Not required None None Partial
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.
27 CVE-2022-28390 415 2022-04-03 2022-07-04
4.6
None Local Low Not required Partial Partial Partial
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
28 CVE-2022-28389 415 2022-04-03 2022-07-04
4.6
None Local Low Not required Partial Partial Partial
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
29 CVE-2022-28388 415 2022-04-03 2022-07-04
4.6
None Local Low Not required Partial Partial Partial
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
30 CVE-2022-28048 682 2022-04-15 2022-05-10
6.8
None Remote Medium Not required Partial Partial Partial
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
31 CVE-2022-28042 416 2022-04-15 2022-05-10
6.8
None Remote Medium Not required Partial Partial Partial
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
32 CVE-2022-28041 190 DoS Overflow 2022-04-15 2022-05-10
4.3
None Remote Medium Not required None None Partial
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
33 CVE-2022-27649 276 2022-04-04 2022-07-22
6.0
None Remote Medium ??? Partial Partial Partial
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
34 CVE-2022-27470 787 2022-05-04 2022-05-12
6.8
None Remote Medium Not required Partial Partial Partial
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
35 CVE-2022-27406 125 2022-04-22 2022-07-27
5.0
None Remote Low Not required None None Partial
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
36 CVE-2022-27405 125 2022-04-22 2022-07-27
5.0
None Remote Low Not required None None Partial
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
37 CVE-2022-27404 787 Overflow 2022-04-22 2022-07-27
7.5
None Remote Low Not required Partial Partial Partial
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
38 CVE-2022-27227 2022-03-25 2022-07-30
4.3
None Remote Medium Not required None None Partial
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
39 CVE-2022-27191 327 2022-03-18 2022-07-22
4.3
None Remote Medium Not required None None Partial
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
40 CVE-2022-26691 269 +Priv 2022-05-26 2022-06-16
7.2
None Local Low Not required Complete Complete Complete
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
41 CVE-2022-26496 787 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
42 CVE-2022-26495 190 Overflow 2022-03-06 2022-04-25
7.5
None Remote Low Not required Partial Partial Partial
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
43 CVE-2022-26365 200 +Info 2022-07-05 2022-07-27
3.6
None Local Low Not required Partial None Partial
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
44 CVE-2022-26126 119 Overflow 2022-03-03 2022-07-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.
45 CVE-2022-25601 79 XSS 2022-03-11 2022-04-19
4.3
None Remote Medium Not required None Partial None
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).
46 CVE-2022-25600 352 CSRF 2022-03-11 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
47 CVE-2022-24919 79 Exec Code XSS CSRF 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
48 CVE-2022-24918 79 Exec Code XSS CSRF 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
49 CVE-2022-24917 79 Exec Code XSS CSRF 2022-03-09 2022-04-18
2.1
None Remote High ??? None Partial None
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
50 CVE-2022-24884 347 2022-05-06 2022-05-16
5.0
None Remote Low Not required None Partial None
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.
Total number of vulnerabilities : 212   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.