RSS   Podatności dla 'Fedora'   RSS

2022-06-09
 
CVE-2022-1998

CWE-416
 

 
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

 
2022-06-07
 
CVE-2022-1708

CWE-400
 

 
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

 
2022-05-31
 
CVE-2022-1942

CWE-787
 

 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

 
2022-05-27
 
CVE-2022-1898

CWE-416
 

 
Use After Free in GitHub repository vim/vim prior to 8.2.

 
2022-05-18
 
CVE-2022-30597

NVD-CWE-Other
 

 
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

 
 
CVE-2022-30598

NVD-CWE-noinfo
 

 
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

 
 
CVE-2022-30599

CWE-89
 

 
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

 
 
CVE-2022-30600

CWE-682
 

 
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.

 
 
CVE-2022-30596

CWE-79
 

 
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

 
2022-05-08
 
CVE-2022-1619

CWE-787
 

 
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution

 


Copyright 2022, cxsecurity.com

 

Back to Top