Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2022-21680 Marked is a markdown parser and compiler.
network
low complexity
marked-project fedoraproject
7.5
7.5
2022-01-14 CVE-2022-21681 Marked is a markdown parser and compiler.
network
low complexity
marked-project fedoraproject
7.5
7.5
2022-01-14 CVE-2022-23222 NULL Pointer Dereference vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
local
low complexity
linux debian netapp fedoraproject CWE-476
7.8
7.8
2022-01-13 CVE-2022-23132 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder.
network
low complexity
zabbix fedoraproject CWE-732
7.3
7.3
2022-01-13 CVE-2022-0196 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
phoronix-media fedoraproject
8.8
8.8
2022-01-13 CVE-2022-0197 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
phoronix-media fedoraproject
8.8
8.8
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
local
low complexity
flatpak fedoraproject redhat debian CWE-276
8.6
8.6
2022-01-12 CVE-2021-44648 Out-of-bounds Write vulnerability in multiple products
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
network
low complexity
gnome fedoraproject debian CWE-787
8.8
8.8
2022-01-10 CVE-2022-21668 Improper Validation of Specified Quantity in Input vulnerability in multiple products
pipenv is a Python development workflow tool.
local
low complexity
pypa fedoraproject CWE-1284
8.6
8.6
2022-01-10 CVE-2021-21408 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject
8.8
8.8