Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
local
low complexity
mariadb fedoraproject
5.5
5.5
2022-02-01 CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
local
low complexity
mariadb fedoraproject
5.5
5.5
2022-02-01 CVE-2021-46664 NULL Pointer Dereference vulnerability in multiple products
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
local
low complexity
mariadb fedoraproject CWE-476
5.5
5.5
2022-02-01 CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
local
low complexity
mariadb fedoraproject
5.5
5.5
2022-02-01 CVE-2021-46667 Integer Overflow or Wraparound vulnerability in multiple products
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
local
low complexity
mariadb fedoraproject CWE-190
5.5
5.5
2022-02-01 CVE-2021-46668 Resource Exhaustion vulnerability in multiple products
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
local
low complexity
mariadb fedoraproject CWE-400
5.5
5.5
2022-02-01 CVE-2021-46669 Use After Free vulnerability in multiple products
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
network
low complexity
mariadb fedoraproject debian CWE-416
7.5
7.5
2022-01-31 CVE-2021-45079 NULL Pointer Dereference vulnerability in multiple products
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
network
low complexity
strongswan debian fedoraproject canonical CWE-476
critical
 9.1
9.1
2022-01-31 CVE-2022-24130 Classic Buffer Overflow vulnerability in multiple products
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. 		5.5
5.5
2022-01-30 CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim fedoraproject debian
7.8
7.8