Note: This project will be discontinued after December 13, 2021.
Product: Fedora (Fedoraproject)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-09-13 | CVE-2022-3190 | Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file | Fedora, Wireshark | 5.5 | ||
2022-09-13 | CVE-2021-36568 | In certain Moodle products, after creating a course, it is possible to add a resource in an arbitrary "Topic", in this case a "Database" with the type "Text", where its values "Field name" and "Field description" are vulnerable to stored Cross Site Scripting (XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | Fedora, Moodle | 5.4 | ||
2022-09-14 | CVE-2022-40674 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | Debian_linux, Fedora, Libexpat | 8.1 | ||
2022-09-14 | CVE-2022-40626 | An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | Fedora, Zabbix | 6.1 | ||
2022-09-14 | CVE-2022-40673 | KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | Fedora, Kdiskmark | 7.8 | ||
2022-09-16 | CVE-2022-30674 | Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Indesign, Fedora | 5.5 | ||
2022-09-15 | CVE-2022-39209 | cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This... | Fedora, Cmark-Gfm | 6.5 | ||
2022-09-18 | CVE-2022-3235 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | Debian_linux, Fedora, Vim | 7.8 | ||
2022-09-17 | CVE-2022-3234 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | Debian_linux, Fedora, Vim | 7.8 | ||
2022-09-20 | CVE-2022-39955 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS... | Debian_linux, Fedora, Owasp_modsecurity_core_rule_set | 9.8 |