Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2022-0730 Improper Authentication vulnerability in multiple products
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
network
low complexity
cacti debian fedoraproject CWE-287
critical
 9.8
9.8
2022-03-03 CVE-2022-24724 Integer Overflow or Wraparound vulnerability in multiple products
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark.
network
low complexity
github fedoraproject CWE-190
critical
 9.8
9.8
2022-02-18 CVE-2021-3657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in mbsync versions prior to 1.4.4.
network
low complexity
isync-project fedoraproject redhat debian CWE-119
critical
 9.8
9.8
2022-02-18 CVE-2022-25315 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-190
critical
 9.8
9.8
2022-02-16 CVE-2021-3781 OS Command Injection vulnerability in multiple products
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command.
network
low complexity
artifex fedoraproject CWE-78
critical
 9.9
9.9
2022-02-16 CVE-2021-3773 A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
network
low complexity
linux fedoraproject redhat oracle
critical
 9.8
9.8
2022-02-16 CVE-2022-0559 Use After Free vulnerability in multiple products
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
network
low complexity
radare fedoraproject CWE-416
critical
 9.8
9.8
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-116
critical
 9.8
9.8
2022-02-14 CVE-2022-0582 NULL Pointer Dereference vulnerability in multiple products
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-476
critical
 9.8
9.8
2022-02-12 CVE-2022-0097 Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
network
low complexity
google fedoraproject
critical
 9.6
9.6