Vulnerabilities > Fedoraproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-30 | CVE-2021-4190 | Excessive Iteration vulnerability in multiple products Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file | 7.5 |
| 2021-12-29 | CVE-2021-23727 | Command Injection vulnerability in multiple products This affects the package celery before 5.2.2. | 7.5 |
| 2021-12-29 | CVE-2021-4187 | Use After Free vulnerability in multiple products vim is vulnerable to Use After Free | 7.8 |
| 2021-12-27 | CVE-2021-4173 | Use After Free vulnerability in multiple products vim is vulnerable to Use After Free | 7.8 |
| 2021-12-25 | CVE-2021-4166 | Out-of-bounds Read vulnerability in multiple products vim is vulnerable to Out-of-bounds Read | 7.1 |
| 2021-12-23 | CVE-2021-3621 | OS Command Injection vulnerability in multiple products A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. | 8.8 |
| 2021-12-23 | CVE-2021-45469 | Out-of-bounds Read vulnerability in multiple products In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | 7.8 |
| 2021-12-23 | CVE-2021-45463 | load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. | 7.8 |
| 2021-12-23 | CVE-2021-38005 | Use After Free vulnerability in multiple products Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-12-23 | CVE-2021-38006 | Use After Free vulnerability in multiple products Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |