Vulnerabilities > Fedoraproject > Fedora > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2022-0435 | Out-of-bounds Write vulnerability in multiple products A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. | 9.0 |
| 2022-02-21 | CVE-2021-44142 | Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. | 9.0 |
| 2022-02-18 | CVE-2020-25719 | Improper Authentication vulnerability in multiple products A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. | 9.0 |
| 2022-02-16 | CVE-2021-3781 | Improper Input Validation vulnerability in multiple products A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. | 9.3 |
| 2022-01-25 | CVE-2021-45341 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 9.3 |
| 2022-01-10 | CVE-2022-21668 | Incomplete Filtering of Special Elements vulnerability in multiple products pipenv is a Python development workflow tool. | 9.3 |
| 2021-12-23 | CVE-2021-3621 | Command Injection vulnerability in multiple products A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. | 9.3 |
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | 9.3 |
| 2021-11-19 | CVE-2021-3973 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 9.3 |
| 2021-10-04 | CVE-2021-32762 | Integer Overflow to Buffer Overflow vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. | 9.0 |