Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2022-24191 Infinite Loop vulnerability in multiple products
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
local
low complexity
htmldoc-project fedoraproject CWE-835
5.5
5.5
2022-04-03 CVE-2022-28388 Double Free vulnerability in multiple products
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux debian fedoraproject netapp CWE-415
5.5
5.5
2022-04-03 CVE-2022-28389 Double Free vulnerability in multiple products
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
5.5
5.5
2022-04-03 CVE-2022-28390 Double Free vulnerability in multiple products
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
7.8
7.8
2022-04-01 CVE-2021-3847 Improper Preservation of Permissions vulnerability in multiple products
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount.
local
low complexity
linux fedoraproject CWE-281
7.2
7.2
2022-03-30 CVE-2022-1160 Heap-based Buffer Overflow vulnerability in multiple products
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
local
low complexity
vim fedoraproject CWE-122
7.8
7.8
2022-03-30 CVE-2022-1154 Use After Free vulnerability in multiple products
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
local
low complexity
vim fedoraproject debian oracle CWE-416
7.8
7.8
2022-03-29 CVE-2022-1122 Improper Initialization vulnerability in multiple products
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files.
local
low complexity
uclouvain fedoraproject debian CWE-665
5.5
5.5
2022-03-28 CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
network
low complexity
python fedoraproject
critical
 9.1
9.1
2022-03-25 CVE-2021-3941 Divide By Zero vulnerability in multiple products
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value.
local
low complexity
openexr redhat fedoraproject debian CWE-369
6.5
6.5