Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-03-09 CVE-2022-24919 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
network
high complexity
zabbix debian fedoraproject CWE-79
4.4
4.4
2022-03-08 CVE-2022-24713 regex is an implementation of regular expressions for the Rust language.
network
low complexity
rust-lang fedoraproject debian
7.5
7.5
2022-03-07 CVE-2022-24737 HTTPie is a command-line HTTP client.
network
low complexity
httpie fedoraproject
6.5
6.5
2022-03-06 CVE-2022-26495 Integer Overflow or Wraparound vulnerability in multiple products
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow.
network
low complexity
network-block-device-project debian fedoraproject CWE-190
critical
 9.8
9.8
2022-03-06 CVE-2022-26496 Out-of-bounds Write vulnerability in multiple products
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow.
network
low complexity
network-block-device-project debian fedoraproject CWE-787
critical
 9.8
9.8
2022-03-06 CVE-2022-26490 Classic Buffer Overflow vulnerability in multiple products
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
local
low complexity
linux fedoraproject netapp debian CWE-120
7.8
7.8
2022-03-04 CVE-2021-3656 Missing Authorization vulnerability in multiple products
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization.
local
low complexity
linux fedoraproject redhat CWE-862
8.8
8.8
2022-03-04 CVE-2021-3737 Infinite Loop vulnerability in multiple products
A flaw was found in python. 		7.5
7.5
2022-03-04 CVE-2021-3575 A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file.
local
low complexity
uclouvain redhat fedoraproject
7.8
7.8
2022-03-04 CVE-2021-23214 When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
network
high complexity
postgresql fedoraproject redhat
8.1
8.1