Vulnerabilities > Fedoraproject > Fedora > 34

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-16	CVE-2021-3578	Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. local low complexity isync-project fedoraproject debian CWE-704	7.8
2022-02-16	CVE-2021-3752	Race Condition vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. high complexity linux redhat fedoraproject netapp debian oracle CWE-362	7.1
2022-02-16	CVE-2021-3760	Use After Free vulnerability in multiple products A flaw was found in the Linux kernel. local low complexity linux fedoraproject debian netapp CWE-416	7.8
2022-02-16	CVE-2021-3773	A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. network low complexity linux fedoraproject redhat oracle critical	9.8
2022-02-16	CVE-2021-3781	OS Command Injection vulnerability in multiple products A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. network low complexity artifex fedoraproject CWE-78 critical	9.9
2022-02-16	CVE-2021-3551	Cleartext Storage of Sensitive Information vulnerability in multiple products A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. local dogtagpki fedoraproject oracle redhat CWE-312	4.4
2022-02-16	CVE-2022-25235	Improper Encoding or Escaping of Output vulnerability in multiple products xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. network low complexity libexpat-project debian fedoraproject oracle siemens CWE-116 critical	9.8
2022-02-15	CVE-2022-21698	Allocation of Resources Without Limits or Throttling vulnerability in multiple products client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. network low complexity prometheus fedoraproject rdo-project CWE-770	7.5
2022-02-14	CVE-2022-0581	Use After Free vulnerability in multiple products Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-416	7.5
2022-02-14	CVE-2022-0582	NULL Pointer Dereference vulnerability in multiple products Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-476 critical	9.8