Vulnerabilities > Fedoraproject > Fedora > Low

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2021-3574 Memory Leak vulnerability in multiple products
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
local
low complexity
imagemagick fedoraproject CWE-401
3.3
2022-08-24 CVE-2021-4217 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in unzip.
local
low complexity
unzip-project fedoraproject redhat CWE-476
3.3
2022-08-10 CVE-2022-30629 Use of Insufficiently Random Values vulnerability in multiple products
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
network
high complexity
golang fedoraproject netapp CWE-330
3.1
2022-06-28 CVE-2022-31052 Uncontrolled Recursion vulnerability in multiple products
Synapse is an open source home server implementation for the Matrix chat network.
3.5
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
2.1
2022-06-15 CVE-2022-21123 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
2.1
2022-06-15 CVE-2022-21125 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
2.1
2022-05-18 CVE-2022-30596 Cross-site Scripting vulnerability in multiple products
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
3.5
2022-03-25 CVE-2022-0322 Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access.
local
low complexity
linux fedoraproject CWE-704
2.1
2022-03-16 CVE-2021-20257 Infinite Loop vulnerability in multiple products
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU.
local
low complexity
qemu fedoraproject redhat debian CWE-835
2.1