Vulnerabilities > Fedoraproject > Fedora > 34
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | 7.5 |
| 2022-04-19 | CVE-2022-25648 | Argument Injection or Modification vulnerability in multiple products The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. | 9.8 |
| 2022-04-18 | CVE-2022-1381 | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. | 7.8 |
| 2022-04-15 | CVE-2022-28041 | Integer Overflow or Wraparound vulnerability in multiple products stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. | 6.5 |
| 2022-04-15 | CVE-2022-28042 | Use After Free vulnerability in multiple products stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | 8.8 |
| 2022-04-15 | CVE-2022-28048 | Incorrect Calculation vulnerability in multiple products STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | 8.8 |
| 2022-04-13 | CVE-2022-24828 | Argument Injection or Modification vulnerability in multiple products Composer is a dependency manager for the PHP programming language. | 8.8 |
| 2022-04-12 | CVE-2022-24765 | Git for Windows is a fork of Git containing Windows-specific patches. | 7.8 |
| 2022-04-11 | CVE-2022-24836 | Nokogiri is an open source XML and HTML library for Ruby. | 7.5 |
| 2022-04-05 | CVE-2022-26356 | Improper Locking vulnerability in multiple products Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. | 5.6 |