Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-0435 Out-of-bounds Write vulnerability in multiple products
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.
network
low complexity
linux redhat ovirt fedoraproject CWE-787
critical
9.0
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
network
low complexity
samba debian canonical synology fedoraproject redhat CWE-787
critical
9.0
2022-02-18 CVE-2020-25719 Improper Authentication vulnerability in multiple products
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication.
network
low complexity
samba debian fedoraproject canonical redhat CWE-287
critical
9.0
2022-02-16 CVE-2021-3781 Improper Input Validation vulnerability in multiple products
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command.
network
artifex fedoraproject CWE-20
critical
9.3
2022-01-25 CVE-2021-45341 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
9.3
2022-01-10 CVE-2022-21668 Incomplete Filtering of Special Elements vulnerability in multiple products
pipenv is a Python development workflow tool.
network
pypa fedoraproject CWE-791
critical
9.3
2021-12-23 CVE-2021-3621 Command Injection vulnerability in multiple products
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands.
network
sssd redhat fedoraproject CWE-77
critical
9.3
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
9.3
2021-11-19 CVE-2021-3973 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
network
vim fedoraproject debian CWE-122
critical
9.3
2021-10-04 CVE-2021-32762 Integer Overflow to Buffer Overflow vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
low complexity
redis debian fedoraproject netapp oracle CWE-680
critical
9.0