Vulnerabilities > Fedoraproject > Fedora > 36
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-02 | CVE-2021-46790 | Out-of-bounds Write vulnerability in multiple products. ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. | 7.8 |
2022-05-02 | CVE-2022-29968 | Missing Initialization of Resource vulnerability in multiple products. An issue was discovered in the Linux kernel through 5.17.5. | 7.8 |
2022-05-01 | CVE-2022-25844 | The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. | 7.5 |
2022-04-29 | CVE-2022-0984 | Incorrect Authorization vulnerability in multiple products. Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | 4.3 |
2022-04-28 | CVE-2022-29869 | Information Exposure Through Log Files vulnerability in multiple products. cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | 5.3 |
2022-04-27 | CVE-2022-24735 | Redis is an in-memory database that persists on disk. | 7.8 |
2022-04-27 | CVE-2022-24736 | Redis is an in-memory database that persists on disk. | 5.5 |
2022-04-27 | CVE-2022-1507 | NULL Pointer Dereference vulnerability in multiple products. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. | 5.5 |
2022-04-27 | CVE-2022-27239 | Out-of-bounds Write vulnerability in multiple products. In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | 7.8 |
2022-04-26 | CVE-2022-24882 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). | 7.5 |