Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3198 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 8.8 High |
| Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2022-3071 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | 8.8 High |
| Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | ||||
| CVE-2022-3058 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 8.8 High |
| Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. | ||||
| CVE-2022-3057 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 6.5 Medium |
| Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-3056 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-21 | 6.5 Medium |
| Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| CVE-2022-3051 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | 8.8 High |
| Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | ||||
| CVE-2022-3050 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2025-05-21 | 8.8 High |
| Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. | ||||
| CVE-2022-3049 | 2 Fedoraproject, Google | 4 Fedora, Chrome, Chrome Os and 1 more | 2025-05-21 | 8.8 High |
| Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-3048 | 2 Fedoraproject, Google | 3 Fedora, Chrome, Chrome Os | 2025-05-21 | 6.8 Medium |
| Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | ||||
| CVE-2022-31628 | 4 Debian, Fedoraproject, Php and 1 more | 4 Debian Linux, Fedora, Php and 1 more | 2025-05-20 | 2.3 Low |
| In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | ||||
| CVE-2022-3352 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-05-20 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0614. | ||||
| CVE-2022-40313 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | 7.1 High |
| Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | ||||
| CVE-2022-40316 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | 4.3 Medium |
| The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | ||||
| CVE-2022-40315 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2025-05-20 | 9.8 Critical |
| A limited SQL injection risk was identified in the "browse list of users" site administration page. | ||||
| CVE-2023-3966 | 3 Fedoraproject, Openvswitch, Redhat | 4 Fedora, Openvswitch, Enterprise Linux and 1 more | 2025-05-16 | 7.5 High |
| A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled. | ||||
| CVE-2022-42721 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2025-05-15 | 5.5 Medium |
| A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code. | ||||
| CVE-2022-42720 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2025-05-15 | 7.8 High |
| Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. | ||||
| CVE-2022-42719 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2025-05-15 | 8.8 High |
| A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | ||||
| CVE-2024-1284 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-15 | 9.8 Critical |
| Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-21626 | 3 Fedoraproject, Linuxfoundation, Redhat | 10 Fedora, Runc, Enterprise Linux and 7 more | 2025-05-15 | 8.6 High |
| runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | ||||