Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 72 of 264
CVE-2022-30974 | MEDIUM | CVSS 5.5 | v37 | 2022-05-18
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
nvd
CVE-2022-30975 | MEDIUM | CVSS 5.5 | CWE-476 | v37 | 2022-05-18
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
nvd
CVE-2022-30597 | MEDIUM | CVSS 5.3 | CWE-472 | v34, v35, +1 more | 2022-05-18
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
nvd
CVE-2022-30598 | MEDIUM | CVSS 4.3 | CWE-200 | v34, v35, +1 more | 2022-05-18
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
nvd
CVE-2022-1769 | HIGH | CVSS 7.8 | CWE-126 | v34, v35, +1 more | 2022-05-17
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
nvd
CVE-2022-29162 | HIGH | CVSS 7.8 | CWE-276 | v34, v35, +1 more | 2022-05-17
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate tho
nvd
CVE-2022-1733 | HIGH | CVSS 7.8 | CWE-122 | v34, v35, +1 more | 2022-05-17
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
nvd
CVE-2022-1706 | MEDIUM | CVSS 6.5 | CWE-863 | v34, v35, +1 more | 2022-05-17
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the
nvd
CVE-2022-30767 | CRITICAL | CVSS 9.8 | v36 | 2022-05-16
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
nvd
CVE-2022-1587 | CRITICAL | CVSS 9.1 | CWE-125 | v35, v36 | 2022-05-16
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
nvd
CVE-2022-1586 | CRITICAL | CVSS 9.1 | CWE-125 | v35, v36 | 2022-05-16
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
nvd
CVE-2022-1379 | CRITICAL | CVSS 9.1 | CWE-918 | v35, v36 | 2022-05-14
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
nvd
CVE-2022-1674 | MEDIUM | CVSS 5.5 | CWE-476 | v34, v35, +1 more | 2022-05-12
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
nvd
CVE-2022-28919 | MEDIUM | CVSS 6.1 | CWE-79 | v34, v35, +1 more | 2022-05-12
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
nvd
CVE-2022-1623 | MEDIUM | CVSS 5.5 | CWE-125 | v35, v36 | 2022-05-11
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
nvd
CVE-2022-1622 | MEDIUM | CVSS 5.5 | CWE-125 | v35, v36 | 2022-05-11
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
nvd
CVE-2022-29145 | HIGH | CVSS 7.5 | v34, v35, +1 more | 2022-05-10
.NET and Visual Studio Denial of Service Vulnerability
nvd
CVE-2022-23267 | HIGH | CVSS 7.5 | v34, v35, +1 more | 2022-05-10
.NET and Visual Studio Denial of Service Vulnerability
nvd
CVE-2022-29117 | HIGH | CVSS 7.5 | v34, v35, +1 more | 2022-05-10
.NET and Visual Studio Denial of Service Vulnerability
nvd
CVE-2022-1629 | HIGH | CVSS 7.8 | CWE-126 | v34, v35 | 2022-05-10
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution.
nvd