Vulnerabilities > Fedoraproject > Fedora > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-04 | CVE-2021-40403 | Missing Initialization of a Variable vulnerability in multiple products An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. | 6.3 |
2022-02-03 | CVE-2022-22818 | Cross-site Scripting vulnerability in multiple products The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. | 6.1 |
2022-02-01 | CVE-2022-0419 | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0. | 5.5 |
2022-02-01 | CVE-2021-46661 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | 5.5 |
2022-02-01 | CVE-2021-46663 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | 5.5 |
2022-02-01 | CVE-2021-46664 | NULL Pointer Dereference vulnerability in multiple products MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | 5.5 |
2022-02-01 | CVE-2021-46665 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | 5.5 |
2022-02-01 | CVE-2021-46667 | Integer Overflow or Wraparound vulnerability in multiple products MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | 5.5 |
2022-02-01 | CVE-2021-46668 | Resource Exhaustion vulnerability in multiple products MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | 5.5 |
2022-01-31 | CVE-2022-24130 | Classic Buffer Overflow vulnerability in multiple products xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | 5.5 |