U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 720 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-24810

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Published: April 16, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-24809

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Published: April 16, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-24808

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Published: April 16, 2024; 4:15:08 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-24807

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Published: April 16, 2024; 4:15:08 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-24806

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Published: April 16, 2024; 4:15:08 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-24805

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

Published: April 16, 2024; 4:15:07 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Published: September 25, 2023; 4:15:10 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-29659

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

Published: May 05, 2023; 12:15:09 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-2468

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2467

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2466

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2465

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2464

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2463

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2462

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2460

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:09 PM -0400
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: May 02, 2023; 8:15:08 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-30944

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.

Published: May 02, 2023; 4:15:11 PM -0400
V4.0:(not available)
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2023-30943

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

Published: May 02, 2023; 4:15:10 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)