Vulnerabilities > Fedoraproject > Fedora > 35

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-18	CVE-2022-27191	The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. network low complexity golang fedoraproject redhat	7.5
2022-03-17	CVE-2022-24302	Race Condition vulnerability in multiple products In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. network high complexity paramiko debian fedoraproject CWE-362	5.9
2022-03-16	CVE-2021-23648	Cross-site Scripting vulnerability in multiple products The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. network low complexity paypal fedoraproject CWE-79	6.1
2022-03-14	CVE-2022-20001	fish is a command line shell. local low complexity fishshell fedoraproject debian	7.8
2022-03-14	CVE-2022-22719	Improper Initialization vulnerability in multiple products A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. network low complexity apache debian fedoraproject oracle apple CWE-665	7.5
2022-03-14	CVE-2022-22720	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling network low complexity apache fedoraproject debian oracle apple CWE-444 critical	9.8
2022-03-14	CVE-2022-22721	Integer Overflow or Wraparound vulnerability in multiple products If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. network low complexity apache fedoraproject debian oracle apple CWE-190 critical	9.1
2022-03-14	CVE-2022-23943	Out-of-bounds Write vulnerability in multiple products Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. network low complexity apache fedoraproject debian oracle CWE-787 critical	9.8
2022-03-11	CVE-2022-0907	Unchecked Return Value vulnerability in multiple products Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. local low complexity libtiff debian fedoraproject netapp CWE-252	5.5
2022-03-11	CVE-2022-0908	NULL Pointer Dereference vulnerability in multiple products Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. local low complexity libtiff debian fedoraproject netapp CWE-476	5.5