Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-26 CVE-2022-27943 Uncontrolled Recursion vulnerability in multiple products
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
local
low complexity
gnu fedoraproject CWE-674
5.5
5.5
2022-03-25 CVE-2022-27920 Cross-site Scripting vulnerability in multiple products
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter.
network
low complexity
kiwix fedoraproject CWE-79
6.1
6.1
2022-03-25 CVE-2021-3933 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
local
low complexity
openexr fedoraproject debian
5.5
5.5
2022-03-25 CVE-2021-3941 In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value.
local
low complexity
openexr redhat fedoraproject debian
6.5
6.5
2022-03-25 CVE-2021-4147 Improper Locking vulnerability in multiple products
A flaw was found in the libvirt libxl driver.
local
low complexity
redhat fedoraproject netapp CWE-667
6.5
6.5
2022-03-25 CVE-2022-0322 Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access.
local
low complexity
linux fedoraproject oracle CWE-704
5.5
5.5
2022-03-24 CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. 5.9
5.9
2022-03-23 CVE-2021-4148 Improper Validation of Integrity Check Value vulnerability in multiple products
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem.
local
low complexity
linux fedoraproject CWE-354
5.5
5.5
2022-03-23 CVE-2022-0996 Improper Authentication vulnerability in multiple products
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
network
low complexity
redhat fedoraproject CWE-287
6.5
6.5
2022-03-23 CVE-2022-0396 Improper Resource Shutdown or Release vulnerability in multiple products
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
network
low complexity
isc fedoraproject netapp siemens CWE-404
5.3
5.3