Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2022-24191 Infinite Loop vulnerability in multiple products
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory, resulting in a buffer overflow.
local
low complexity
htmldoc-project fedoraproject CWE-835
5.5
2022-04-03 CVE-2022-28388 Double Free vulnerability in multiple products
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux debian fedoraproject netapp CWE-415
5.5
2022-04-03 CVE-2022-28389 Double Free vulnerability in multiple products
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
local
low complexity
linux fedoraproject debian netapp CWE-415
5.5
2022-03-30 CVE-2022-28202 Cross-site Scripting vulnerability in multiple products
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
network
low complexity
mediawiki fedoraproject debian CWE-79
6.1
2022-03-29 CVE-2022-1122 A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files.
local
low complexity
uclouvain fedoraproject debian
5.5
2022-03-28 CVE-2022-26280 Out-of-bounds Read vulnerability in multiple products
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
network
high complexity
libarchive fedoraproject CWE-125
6.5
2022-03-26 CVE-2022-27939 Reachable Assertion vulnerability in multiple products
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.
local
low complexity
broadcom fedoraproject CWE-617
5.5
2022-03-26 CVE-2022-27943 Uncontrolled Recursion vulnerability in multiple products
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
local
low complexity
gnu fedoraproject CWE-674
5.5
2022-03-25 CVE-2022-27920 Cross-site Scripting vulnerability in multiple products
libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter.
network
low complexity
kiwix fedoraproject CWE-79
6.1
2022-03-25 CVE-2021-3933 An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits.
local
low complexity
openexr fedoraproject debian
5.5