Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-01-18 CVE-2022-21673 Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana fedoraproject
4.3
4.3
2022-01-17 CVE-2022-23303 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
 9.8
9.8
2022-01-17 CVE-2022-23304 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
 9.8
9.8
2022-01-16 CVE-2022-0238 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
phoronix-media fedoraproject
4.3
4.3
2022-01-15 CVE-2021-44537 Injection vulnerability in multiple products
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
local
low complexity
owncloud fedoraproject CWE-74
7.8
7.8
2022-01-15 CVE-2022-23094 NULL Pointer Dereference vulnerability in multiple products
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists.
network
low complexity
libreswan fedoraproject debian CWE-476
7.5
7.5
2022-01-14 CVE-2021-46019 NULL Pointer Dereference vulnerability in multiple products
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-476
5.5
5.5
2022-01-14 CVE-2021-46021 Use After Free vulnerability in multiple products
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-416
5.5
5.5
2022-01-14 CVE-2021-46022 Use After Free vulnerability in multiple products
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-416
5.5
5.5
2022-01-14 CVE-2022-21680 Marked is a markdown parser and compiler.
network
low complexity
marked-project fedoraproject
7.5
7.5