Fedoraproject >> Fedora >> 36: Security Vulnerabilities
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-09-14
In certain Moodle products, after creating a course it is possible to add a resource to an arbitrary "Topic", in this case a "Database" with the type "Text", whose "Field name" and "Field description" values are vulnerable to stored Cross-Site Scripting (XSS). This affects Moodle 3.11, Moodle 3.10.4, and Moodle 3.9.7.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-09-13
.NET Core and Visual Studio Denial of Service Vulnerability
CVSS Score: 7.5 | EPSS Score: 0.014 | Published: 2022-09-13
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or a crafted capture file.
CVSS Score: 6.3 | EPSS Score: 0.0 | Published: 2022-09-13
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-09-09
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Calling `ENTRYPOINT ["su", "-", "user"]` instead sets up the supplementary groups properly.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2022-09-09
A flaw was found in the Linux kernel. A denial of service may occur if NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET are requested consecutively through the device file of the driver, resulting in a PCIe link disconnect.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-09
A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2022-09-09
Versions of the package pdfkit from 0.0.0 are vulnerable to command injection where the URL is not properly sanitized.
CVSS Score: 7.3 | EPSS Score: 0.879 | Published: 2022-09-09
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown is preempted by a fatal error.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-09-06