Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-13 | CVE-2022-23132 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. | 7.3 |
| 2022-01-13 | CVE-2022-23133 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. | 5.4 |
| 2022-01-13 | CVE-2022-23134 | Improper Authentication vulnerability in multiple products After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. | 5.3 |
| 2022-01-13 | CVE-2022-0196 | phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | 8.8 |
| 2022-01-13 | CVE-2022-0197 | phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) | 8.8 |
| 2022-01-12 | CVE-2021-43860 | Incorrect Default Permissions vulnerability in multiple products Flatpak is a Linux application sandboxing and distribution framework. | 8.6 |
| 2022-01-12 | CVE-2021-44648 | Out-of-bounds Write vulnerability in multiple products GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12. | 8.8 |
| 2022-01-11 | CVE-2022-0173 | Out-of-bounds Read vulnerability in multiple products radare2 is vulnerable to Out-of-bounds Read | 5.5 |
| 2022-01-11 | CVE-2021-44647 | Type Confusion vulnerability in multiple products Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. | 5.5 |
| 2022-01-10 | CVE-2022-21668 | Improper Validation of Specified Quantity in Input vulnerability in multiple products pipenv is a Python development workflow tool. | 8.6 |