Vulnerabilities > Fedoraproject > Fedora > 34
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2022-0330 | Improper Preservation of Permissions vulnerability in multiple products A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. | 7.8 |
| 2022-03-25 | CVE-2022-0435 | Out-of-bounds Write vulnerability in multiple products A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. | 8.8 |
| 2022-03-25 | CVE-2022-0500 | Out-of-bounds Write vulnerability in multiple products A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. | 7.8 |
| 2022-03-25 | CVE-2022-24778 | Incorrect Authorization vulnerability in multiple products The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. | 7.5 |
| 2022-03-25 | CVE-2022-27227 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | 7.5 |
| 2022-03-25 | CVE-2018-25032 | Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 |
| 2022-03-24 | CVE-2022-24769 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Moby is an open-source project created by Docker to enable and accelerate software containerization. | 5.9 |
| 2022-03-23 | CVE-2021-3618 | Improper Certificate Validation vulnerability in multiple products ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. | 7.4 |
| 2022-03-23 | CVE-2021-3748 | Use After Free vulnerability in multiple products A use-after-free vulnerability was found in the virtio-net device of QEMU. | 7.5 |
| 2022-03-23 | CVE-2022-0996 | Improper Authentication vulnerability in multiple products A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | 6.5 |