Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-24070 Use After Free vulnerability in multiple products
Subversion's mod_dav_svn is vulnerable to memory corruption.
network
low complexity
apache debian fedoraproject apple CWE-416
7.5
7.5
2022-04-12 CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches.
local
low complexity
git-scm fedoraproject apple debian
7.8
7.8
2022-04-11 CVE-2022-24836 Nokogiri is an open source XML and HTML library for Ruby.
network
low complexity
nokogiri fedoraproject debian apple
7.5
7.5
2022-04-08 CVE-2022-28805 Out-of-bounds Read vulnerability in multiple products
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
network
low complexity
lua fedoraproject CWE-125
critical
 9.1
9.1
2022-04-08 CVE-2022-28796 Race Condition vulnerability in multiple products
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
local
high complexity
linux redhat fedoraproject netapp CWE-362
7.0
7.0
2022-04-06 CVE-2021-43138 In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
local
low complexity
async-project fedoraproject
7.8
7.8
2022-04-05 CVE-2022-26356 Improper Locking vulnerability in multiple products
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls.
local
high complexity
xen debian fedoraproject CWE-667
5.6
5.6
2022-04-05 CVE-2022-26357 Race Condition vulnerability in multiple products
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide.
local
high complexity
xen debian fedoraproject CWE-362
7.0
7.0
2022-04-05 CVE-2022-26358 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi.
local
low complexity
xen debian fedoraproject
7.8
7.8
2022-04-05 CVE-2022-26359 IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi.
local
low complexity
xen debian fedoraproject
7.8
7.8