Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2021-3657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in mbsync versions prior to 1.4.4.
network
low complexity
isync-project fedoraproject redhat debian CWE-119
critical
 9.8
9.8
2022-02-18 CVE-2022-25315 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-190
critical
 9.8
9.8
2022-02-16 CVE-2021-3773 A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
network
low complexity
linux fedoraproject redhat oracle
critical
 9.8
9.8
2022-02-16 CVE-2021-3781 OS Command Injection vulnerability in multiple products
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command.
network
low complexity
artifex fedoraproject CWE-78
critical
 9.9
9.9
2022-02-16 CVE-2022-0559 Use After Free vulnerability in multiple products
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
network
low complexity
radare fedoraproject CWE-416
critical
 9.8
9.8
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-116
critical
 9.8
9.8
2022-02-14 CVE-2022-0582 NULL Pointer Dereference vulnerability in multiple products
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-476
critical
 9.8
9.8
2022-02-12 CVE-2022-0097 Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.
network
low complexity
google fedoraproject
critical
 9.6
9.6
2022-02-06 CVE-2021-41816 Integer Overflow or Wraparound vulnerability in multiple products
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes.
network
low complexity
ruby-lang fedoraproject CWE-190
critical
 9.8
9.8
2022-02-04 CVE-2022-23614 Code Injection vulnerability in multiple products
Twig is an open source template language for PHP.
network
low complexity
symfony fedoraproject debian CWE-94
critical
 9.8
9.8