Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5187 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30788 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 4.6 MEDIUM 7.8 HIGH
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
CVE-2022-30787 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30786 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 4.6 MEDIUM 7.8 HIGH
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
CVE-2022-30785 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 7.2 HIGH 6.7 MEDIUM
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30784 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 4.6 MEDIUM 7.8 HIGH
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
CVE-2022-30783 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30767 2 Denx, Fedoraproject 2 U-boot, Fedora 2024-11-21 7.5 HIGH 9.8 CRITICAL
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
CVE-2022-30699 2 Fedoraproject, Nlnetlabs 2 Fedora, Unbound 2024-11-21 N/A 6.5 MEDIUM
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
CVE-2022-30698 2 Fedoraproject, Nlnetlabs 2 Fedora, Unbound 2024-11-21 N/A 6.5 MEDIUM
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
CVE-2022-30674 4 Adobe, Apple, Fedoraproject and 1 more 4 Indesign, Macos, Fedora and 1 more 2024-11-21 N/A 5.5 MEDIUM
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-30600 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVE-2022-30599 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVE-2022-30598 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVE-2022-30597 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVE-2022-30596 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 3.5 LOW 5.4 MEDIUM
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVE-2022-30556 3 Apache, Fedoraproject, Netapp 3 Http Server, Fedora, Clustered Data Ontap 2024-11-21 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
CVE-2022-30522 3 Apache, Fedoraproject, Netapp 3 Http Server, Fedora, Clustered Data Ontap 2024-11-21 5.0 MEDIUM 7.5 HIGH
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
CVE-2022-30292 2 Fedoraproject, Squirrel-lang 2 Fedora, Squirrel 2024-11-21 7.5 HIGH 10.0 CRITICAL
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
CVE-2022-30184 3 Apple, Fedoraproject, Microsoft 7 Macos, Fedora, .net and 4 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
.NET and Visual Studio Information Disclosure Vulnerability
CVE-2022-2982 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.0260.