Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-16	CVE-2022-25235	Improper Encoding or Escaping of Output vulnerability in multiple products xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. network low complexity libexpat-project debian fedoraproject oracle siemens CWE-116 critical	9.8
2022-02-15	CVE-2022-21698	Allocation of Resources Without Limits or Throttling vulnerability in multiple products client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. network low complexity prometheus fedoraproject rdo-project CWE-770	7.5
2022-02-14	CVE-2022-0581	Use After Free vulnerability in multiple products Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-416	7.5
2022-02-14	CVE-2022-0582	NULL Pointer Dereference vulnerability in multiple products Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-476 critical	9.8
2022-02-14	CVE-2022-0583	Out-of-bounds Write vulnerability in multiple products Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-787	7.5
2022-02-14	CVE-2022-0586	Infinite Loop vulnerability in multiple products Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-835	7.5
2022-02-14	CVE-2021-45444	In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. local low complexity zsh fedoraproject debian apple	7.8
2022-02-14	CVE-2022-0571	Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. network low complexity phoronix-media fedoraproject	6.1
2022-02-14	CVE-2022-0572	Out-of-bounds Write vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. local low complexity vim fedoraproject debian apple CWE-787	7.8
2022-02-12	CVE-2022-0096	Use After Free vulnerability in multiple products Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8