Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux > 8.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-19	CVE-2022-25648	Argument Injection or Modification vulnerability in multiple products The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. network low complexity git fedoraproject debian CWE-88 critical	9.8
2022-03-18	CVE-2022-27191	The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. network low complexity golang fedoraproject redhat	7.5
2022-02-15	CVE-2022-21698	Allocation of Resources Without Limits or Throttling vulnerability in multiple products client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. network low complexity prometheus fedoraproject rdo-project CWE-770	7.5
2022-02-14	CVE-2022-0571	Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. network low complexity phoronix-media fedoraproject	6.1
2022-01-31	CVE-2021-45079	NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. network low complexity strongswan debian fedoraproject canonical CWE-476 critical	9.1
2022-01-06	CVE-2021-46141	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2022-01-06	CVE-2021-46142	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2021-09-08	CVE-2021-21897	A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. network low complexity ribbonsoft fedoraproject debian	8.8
2021-02-23	CVE-2021-20247	Path Traversal vulnerability in multiple products A flaw was found in mbsync before v1.3.5 and v1.4.1. network high complexity mbsync-project debian fedoraproject CWE-22	7.4
2020-12-08	CVE-2020-27818	Out-of-bounds Read vulnerability in multiple products A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. local low complexity libpng fedoraproject debian CWE-125	3.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.