Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-31 | CVE-2021-45079 | NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | 9.1 |
| 2022-01-31 | CVE-2022-24130 | Classic Buffer Overflow vulnerability in multiple products xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | 5.5 |
| 2022-01-30 | CVE-2022-0408 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 |
| 2022-01-30 | CVE-2022-0413 | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 |
| 2022-01-29 | CVE-2021-46659 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | 5.5 |
| 2022-01-29 | CVE-2022-24122 | Use After Free vulnerability in multiple products kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | 7.8 |
| 2022-01-28 | CVE-2022-0393 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.1 |
| 2022-01-28 | CVE-2022-23598 | laminas-form is a package for validating and displaying simple and complex forms. | 6.1 |
| 2022-01-26 | CVE-2022-23990 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |
| 2022-01-26 | CVE-2021-22570 | NULL Pointer Dereference vulnerability in multiple products Nullptr dereference when a null char is present in a proto symbol. | 5.5 |