Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-23035 Incomplete Cleanup vulnerability in multiple products
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device.
low complexity
xen fedoraproject debian CWE-459
4.6
2022-01-25 CVE-2021-45343 NULL Pointer Dereference vulnerability in multiple products
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.
local
low complexity
librecad fedoraproject debian CWE-476
5.5
2022-01-20 CVE-2022-21658 Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency.
local
high complexity
rust-lang fedoraproject apple
6.3
2022-01-18 CVE-2022-21673 Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana fedoraproject
4.3
2022-01-16 CVE-2022-0238 phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
phoronix-media fedoraproject
4.3
2022-01-14 CVE-2021-46019 NULL Pointer Dereference vulnerability in multiple products
An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-476
5.5
2022-01-14 CVE-2021-46021 Use After Free vulnerability in multiple products
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-416
5.5
2022-01-14 CVE-2021-46022 Use After Free vulnerability in multiple products
An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.
local
low complexity
gnu fedoraproject CWE-416
5.5
2022-01-13 CVE-2022-21682 Path Traversal vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
network
low complexity
flatpak fedoraproject redhat debian CWE-22
6.5
2022-01-13 CVE-2022-23133 Cross-site Scripting vulnerability in multiple products
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.
network
low complexity
zabbix fedoraproject CWE-79
5.4