Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-01 | CVE-2021-45958 | Out-of-bounds Write vulnerability in multiple products UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). | 5.5 |
| 2021-12-31 | CVE-2021-4193 | vim is vulnerable to Out-of-bounds Read | 5.5 |
| 2021-12-30 | CVE-2021-4183 | Out-of-bounds Read vulnerability in multiple products Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | 5.5 |
| 2021-12-28 | CVE-2021-44832 | Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 6.6 |
| 2021-12-24 | CVE-2021-45471 | In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | 5.3 |
| 2021-12-24 | CVE-2021-45472 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | 6.1 |
| 2021-12-24 | CVE-2021-45473 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | 6.1 |
| 2021-12-24 | CVE-2021-45474 | Cross-site Scripting vulnerability in multiple products In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | 6.1 |
| 2021-12-23 | CVE-2021-3622 | A flaw was found in the hivex library. | 4.3 |
| 2021-12-23 | CVE-2021-4024 | Origin Validation Error vulnerability in multiple products A flaw was found in podman. | 6.5 |