Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-3618 ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates.
network
high complexity
f5 sendmail vsftpd-project fedoraproject debian
7.4
2022-03-23 CVE-2021-3748 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the virtio-net device of QEMU.
7.5
2022-03-23 CVE-2022-27666 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c.
7.8
2022-03-18 CVE-2022-1011 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write().
7.8
2022-03-18 CVE-2022-27191 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
network
low complexity
golang fedoraproject redhat
7.5
2022-03-16 CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject
7.5
2022-03-15 CVE-2021-45848 Improper Encoding or Escaping of Output vulnerability in multiple products
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
network
low complexity
nicotine-plus fedoraproject CWE-116
7.5
2022-03-15 CVE-2022-0778 Infinite Loop vulnerability in multiple products
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
7.5
2022-03-14 CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
local
low complexity
vim fedoraproject debian apple
7.8
2022-03-14 CVE-2022-20001 fish is a command line shell.
local
low complexity
fishshell fedoraproject debian
7.8