fedoraproject
5,420 tracked vulnerabilities.
CVE-2022-26357
HIGH
Xen 4.11.0-4.11.99 - Race Condition in VT-d Domain ID Cleanup
Apr 05, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-26356
MEDIUM
Xen 4.0.0-4.11.x - Memory Leak via Racy Dirty VRAM Tracking and Paging Log Dirty Hypercalls
Apr 05, 2022
CVSS 5.6
EPSS 0.00
CVE-2022-27651
MEDIUM
buildah < 1.25.0 - Incorrect Default Permissions
Apr 04, 2022
CVSS 6.8
EPSS 0.00
CVE-2022-27650
HIGH
crun < 1.4.4 - Incorrect Default Permissions
Apr 04, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27649
HIGH
Podman < 4.0.3 - Incorrect Default Permissions
Apr 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-24801
HIGH
Twisted < 22.4.0 - HTTP Request Smuggling via Non-Conformant HTTP Request Parsing
Apr 04, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24785
HIGH
Moment.js 1.0.1-2.29.1 - Path Traversal via Locale Switching
Apr 04, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-24191
MEDIUM
htmldoc 1.9.14 - Infinite Loop and Buffer Overflow via GIF LZW Decompression
Apr 04, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-28390
HIGH
Linux kernel < 5.17.1 - Memory Corruption
Apr 03, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-28389
MEDIUM
Linux kernel < 5.17.1 - Use After Free
Apr 03, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-28388
MEDIUM
Linux kernel < 5.17.1 - Use After Free
Apr 03, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-24790
CRITICAL
Puma < 4.3.12 and 5.0.0-5.6.4 - HTTP Request Smuggling via Proxy Request Parsing Discrepancy
Mar 30, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-1160
HIGH
vim < 8.2.4647 - Heap-based Buffer Overflow in get_one_sourceline
Mar 30, 2022
CVSS 7.8
EPSS 0.01
CVE-2022-1154
HIGH
vim < 8.2.4646 - Use-After-Free in utf_ptr2char
Mar 30, 2022
CVSS 7.8
EPSS 0.02
CVE-2022-28202
MEDIUM
MediaWiki < 1.35.6, 1.36.x < 1.36.4, 1.37.x < 1.37.2 - Cross-Site Scripting via Gallery and Special:RevisionDelete
Mar 30, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-1122
MEDIUM
openjpeg2 2.4.0 - Denial of Service via Uninitialized Pointer Free
Mar 29, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-1055
HIGH
Linux Kernel 5.1-5.17 - Use-After-Free in tc_new_tfilter
Mar 29, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-26280
MEDIUM
Libarchive < 3.6.0 - Info Disclosure
Mar 28, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-24303
CRITICAL
Pillow < 9.0.1 - Arbitrary File Deletion via Temporary Pathname Mishandling
Mar 28, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-27943
MEDIUM
GNU GCC 11.2 - Stack Exhaustion via Rust Demangler Recursion
Mar 26, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-27942
HIGH
Tcpreplay 4.4.1 - Heap-Based Buffer Over-Read in parse_mpls
Mar 26, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-27941
HIGH
Tcpreplay 4.4.1 - Heap-Based Buffer Over-Read in get_l2len_protocol
Mar 26, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-27940
HIGH
Tcpreplay 4.4.1 - Heap-Based Buffer Over-Read in get_ipv6_next
Mar 26, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-27939
MEDIUM
Tcpreplay 4.4.1 - Reachable Assertion in get_layer4_v6
Mar 26, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-22995
CRITICAL
Western Digital My Cloud Firmware < 5.19.117 - Arbitrary File Write via SMB and AFP Primitives
Mar 25, 2022
CVSS 10.0
EPSS 0.00
Products
fedora 5,351
extra_packages_for_enterprise_linux 76
389_directory_server 39
sssd 18
fedora_core 8
389_administration_server 1
anaconda 1
arm_installer 1
commons 1
coolkey 1
crypto-utils 1
fedmsg 1
fedora_linux_kernel 1
python-fedora 1
sectool 1
selinux-policy 1
spin-kickstarts 1
supybot-fedora 1
unbound 1