Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-05 CVE-2021-45115 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.
network
low complexity
djangoproject fedoraproject
7.5
7.5
2022-01-05 CVE-2021-45116 Improper Input Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1.
network
low complexity
djangoproject fedoraproject CWE-20
7.5
7.5
2022-01-01 CVE-2021-41819 Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. 		7.5
7.5
2022-01-01 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. 7.5
7.5
2021-12-31 CVE-2021-4192 Use After Free vulnerability in multiple products
vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian apple CWE-416
7.8
7.8
2021-12-30 CVE-2021-4181 Out-of-bounds Read vulnerability in multiple products
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian oracle CWE-125
7.5
7.5
2021-12-30 CVE-2021-4182 Infinite Loop vulnerability in multiple products
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject oracle CWE-835
7.5
7.5
2021-12-30 CVE-2021-4184 Infinite Loop vulnerability in multiple products
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
7.5
2021-12-30 CVE-2021-4185 Infinite Loop vulnerability in multiple products
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian oracle CWE-835
7.5
7.5
2021-12-30 CVE-2021-4186 NULL Pointer Dereference vulnerability in multiple products
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject CWE-476
7.5
7.5