affectedSoftware.name:"fedoraproject fedora"

Daily Hot! Security news Exploit updates Blogs review Bugbounty Linux vulnerabilities Scanners plugins updates CVE Feed Security Tools Firefox vulnerabilities CVSS High Score Windows Vulnerabilities Popular in social networks Wild exploited log4j news

cve

CVE-2022-32189

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of...

2022-08-10T20:15:00

cve

A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak...

2022-08-05T17:15:00

cve

CVE-2022-1158

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...

2022-08-05T17:15:00

cve

CVE-2022-2295

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

2022-07-28T02:15:00

cve

CVE-2022-2296

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI...

2022-07-28T02:15:00

cve

CVE-2022-2163

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI...

2022-07-28T02:15:00

cve

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

2022-07-28T02:15:00

cve

CVE-2022-2164

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML...

2022-07-28T01:15:00

cve

CVE-2022-2162

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML...

2022-07-28T01:15:00

cve

CVE-2022-2161

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI...

2022-07-28T01:15:00

cve

CVE-2022-2160

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML...

2022-07-28T01:15:00

cve

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

2022-07-28T01:15:00

cve

CVE-2022-2157

Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML...

2022-07-28T01:15:00

cve

CVE-2022-2156

Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

2022-07-28T01:15:00

cve

CVE-2022-2165

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain...

2022-07-28T01:15:00

cve

CVE-2022-33745

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning /...

2022-07-26T13:15:00

cve

CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's...

2022-07-25T16:15:00

cve

CVE-2022-35652

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this...

2022-07-25T16:15:00

cve

CVE-2022-35650

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature...

2022-07-25T16:15:00

cve

CVE-2022-35649

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in...

2022-07-25T16:15:00

0 of total 3481

affectedSoftware.name:"fedoraproject fedora"

CVE-2022-32189

CVE-2022-1973

CVE-2022-1158

CVE-2022-2295

CVE-2022-2296

CVE-2022-2163

CVE-2022-2294

CVE-2022-2164

CVE-2022-2162

CVE-2022-2161

CVE-2022-2160

CVE-2022-2158

CVE-2022-2157

CVE-2022-2156

CVE-2022-2165

CVE-2022-33745

CVE-2022-35653

CVE-2022-35652

CVE-2022-35650

CVE-2022-35649