Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2022-23598 | laminas-form is a package for validating and displaying simple and complex forms. | 6.1 |
| 2022-01-26 | CVE-2022-23990 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |
| 2022-01-26 | CVE-2021-22570 | NULL Pointer Dereference vulnerability in multiple products Nullptr dereference when a null char is present in a proto symbol. | 5.5 |
| 2022-01-26 | CVE-2022-23959 | HTTP Request Smuggling vulnerability in multiple products In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections. | 9.1 |
| 2022-01-25 | CVE-2022-23033 | Improper Resource Shutdown or Release vulnerability in multiple products arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. | 7.8 |
| 2022-01-25 | CVE-2022-23034 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. | 5.5 |
| 2022-01-25 | CVE-2022-23035 | Incomplete Cleanup vulnerability in multiple products Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. | 4.6 |
| 2022-01-25 | CVE-2021-45342 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 7.8 |
| 2022-01-25 | CVE-2021-45343 | NULL Pointer Dereference vulnerability in multiple products In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | 5.5 |
| 2022-01-25 | CVE-2021-45341 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 8.8 |