Vulnerabilities > Fedoraproject > Fedora > 36
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2022-24836 | Nokogiri is an open source XML and HTML library for Ruby. | 7.5 |
| 2022-04-08 | CVE-2022-28805 | Out-of-bounds Read vulnerability in multiple products singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | 9.1 |
| 2022-04-06 | CVE-2021-43138 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | 7.8 |
| 2022-04-04 | CVE-2022-27649 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. | 7.5 |
| 2022-04-04 | CVE-2022-27651 | Incorrect Default Permissions vulnerability in multiple products A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. | 6.8 |
| 2022-04-04 | CVE-2022-24801 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. | 8.1 |
| 2022-04-04 | CVE-2022-24785 | Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. | 7.5 |
| 2022-04-03 | CVE-2022-28388 | Double Free vulnerability in multiple products usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | 5.5 |
| 2022-04-03 | CVE-2022-28389 | Double Free vulnerability in multiple products mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | 5.5 |
| 2022-04-03 | CVE-2022-28390 | Double Free vulnerability in multiple products ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | 7.8 |