U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 697 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-21125

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: June 15, 2022; 4:15:17 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-21123

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: June 15, 2022; 4:15:17 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1998

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Published: June 09, 2022; 11:15:09 AM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-1949

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.

Published: June 02, 2022; 10:15:34 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-1789

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

Published: June 02, 2022; 10:15:33 AM -0400
V3.1: 6.8 MEDIUM
V2.0: 6.9 MEDIUM
CVE-2022-1942

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Published: May 31, 2022; 10:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-1927

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Published: May 29, 2022; 10:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-1897

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Published: May 27, 2022; 11:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

Published: May 24, 2022; 11:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-30600

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.

Published: May 18, 2022; 2:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-30599

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

Published: May 18, 2022; 2:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-30598

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

Published: May 18, 2022; 2:15:10 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-30597

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

Published: May 18, 2022; 2:15:10 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-30596

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

Published: May 18, 2022; 1:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2022-1769

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.

Published: May 17, 2022; 1:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1733

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.

Published: May 17, 2022; 1:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-1674

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

Published: May 12, 2022; 7:15:07 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-29117

.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.

Published: May 10, 2022; 5:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-1620

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

Published: May 08, 2022; 7:15:07 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-1619

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution

Published: May 08, 2022; 6:15:07 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM