Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-3733 | Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. | 6.5 |
| 2022-03-09 | CVE-2022-24349 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. | 4.4 |
| 2022-03-09 | CVE-2022-24917 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. | 4.4 |
| 2022-03-09 | CVE-2022-24918 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. | 4.4 |
| 2022-03-09 | CVE-2022-24919 | Cross-site Scripting vulnerability in multiple products An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. | 4.4 |
| 2022-03-07 | CVE-2022-24737 | HTTPie is a command-line HTTP client. | 6.5 |
| 2022-03-04 | CVE-2021-3744 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). | 5.5 |
| 2022-03-03 | CVE-2021-3638 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. | 6.5 |
| 2022-03-03 | CVE-2021-4002 | Memory Leak vulnerability in multiple products A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. | 4.4 |
| 2022-03-02 | CVE-2021-3623 | Out-of-bounds Write vulnerability in multiple products A flaw was found in libtpms. | 6.1 |