cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Max CVSS
9.8
EPSS Score
0.29%
Published
2022-05-18
Updated
2022-12-21
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
Max CVSS
9.8
EPSS Score
0.32%
Published
2022-05-18
Updated
2022-12-21
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
Max CVSS
5.3
EPSS Score
0.15%
Published
2022-05-18
Updated
2022-12-21
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
Max CVSS
5.4
EPSS Score
0.09%
Published
2022-05-18
Updated
2022-12-21
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-05-02
Updated
2023-02-10
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Max CVSS
5.3
EPSS Score
0.38%
Published
2022-04-28
Updated
2023-11-24
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Max CVSS
6.5
EPSS Score
0.15%
Published
2022-05-03
Updated
2023-01-11
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Max CVSS
7.5
EPSS Score
0.29%
Published
2022-04-20
Updated
2022-10-05
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
Max CVSS
9.8
EPSS Score
0.74%
Published
2022-05-05
Updated
2022-09-09
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
Max CVSS
9.0
EPSS Score
0.19%
Published
2022-05-05
Updated
2022-09-09
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
Max CVSS
9.0
EPSS Score
0.49%
Published
2022-05-05
Updated
2022-09-09
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-05-17
Updated
2023-03-27
.NET and Visual Studio Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.25%
Published
2022-05-10
Updated
2023-12-21
.NET and Visual Studio Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.25%
Published
2022-05-10
Updated
2023-12-21
HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
Max CVSS
6.1
EPSS Score
0.11%
Published
2022-05-12
Updated
2022-10-06
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
Max CVSS
7.8
EPSS Score
0.05%
Published
2022-04-03
Updated
2023-02-01
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
Max CVSS
5.5
EPSS Score
0.05%
Published
2022-04-03
Updated
2023-01-03
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
Max CVSS
5.5
EPSS Score
0.05%
Published
2022-04-03
Updated
2023-01-03
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
Max CVSS
7.5
EPSS Score
0.38%
Published
2022-04-20
Updated
2023-02-14
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
Max CVSS
8.8
EPSS Score
0.28%
Published
2022-04-15
Updated
2022-05-10
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
Max CVSS
8.8
EPSS Score
0.28%
Published
2022-04-15
Updated
2023-02-23
stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.35%
Published
2022-04-15
Updated
2023-02-23
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-03-23
Updated
2023-02-01
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
Max CVSS
6.8
EPSS Score
0.13%
Published
2022-04-04
Updated
2022-09-03
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Max CVSS
7.5
EPSS Score
0.23%
Published
2022-04-04
Updated
2022-11-28
1070 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!