Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-20785 Memory Leak vulnerability in multiple products
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav cisco fedoraproject debian CWE-401
7.5
7.5
2022-05-04 CVE-2022-20796 NULL Pointer Dereference vulnerability in multiple products
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device.
local
low complexity
clamav cisco fedoraproject debian CWE-476
5.5
5.5
2022-05-04 CVE-2022-28487 Memory Leak vulnerability in multiple products
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function.
network
low complexity
broadcom fedoraproject CWE-401
7.5
7.5
2022-05-04 CVE-2022-27470 Out-of-bounds Write vulnerability in multiple products
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid().
local
low complexity
libsdl fedoraproject CWE-787
7.8
7.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
 9.8
9.8
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
network
low complexity
xmlsoft fedoraproject debian netapp oracle CWE-190
6.5
6.5
2022-05-02 CVE-2021-46790 Out-of-bounds Write vulnerability in multiple products
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
7.8
2022-05-02 CVE-2022-29968 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.17.5.
local
low complexity
linux fedoraproject netapp CWE-909
7.8
7.8
2022-05-01 CVE-2022-25844 The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.
network
low complexity
angularjs fedoraproject netapp
7.5
7.5
2022-04-29 CVE-2022-0984 Incorrect Authorization vulnerability in multiple products
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
network
low complexity
moodle fedoraproject redhat CWE-863
4.3
4.3