Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2022-0116 | MEDIUM | CVSS 4.3 | v34, v35, +1 more | 2022-02-12
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
nvd
CVE-2022-0120 | MEDIUM | CVSS 6.5 | CWE-346 | v34, v35, +1 more | 2022-02-12
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
nvd
CVE-2022-0112 | MEDIUM | CVSS 4.3 | v34, v35, +1 more | 2022-02-12
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
nvd
CVE-2022-0108 | MEDIUM | CVSS 6.5 | CWE-346 | v34, v35, +1 more | 2022-02-12
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2022-0111 | MEDIUM | CVSS 6.5 | CWE-346 | v34, v35, +1 more | 2022-02-12
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
nvd
CVE-2022-24958 | HIGH | CVSS 7.8 | CWE-763 | v34, v35 | 2022-02-11
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
nvd
CVE-2022-23634 | MEDIUM | CVSS 5.9 | CWE-200 | v35, v36, +1 more | 2022-02-11
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing t
nvd
CVE-2022-0561 | MEDIUM | CVSS 5.5 | CWE-476 | v35 | 2022-02-11
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
nvd
CVE-2022-0562 | MEDIUM | CVSS 5.5 | CWE-476 | v35 | 2022-02-11
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
nvd
CVE-2022-0554 | HIGH | CVSS 7.8 | CWE-823 | v34 | 2022-02-10
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
nvd
CVE-2022-0391 | HIGH | CVSS 7.5 | CWE-74 | v34, v35 | 2022-02-09
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection atta
nvd
CVE-2022-0529 | MEDIUM | CVSS 5.5 | CWE-787 | v35 | 2022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
nvd
CVE-2022-0530 | MEDIUM | CVSS 5.5 | v35 | 2022-02-09
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
nvd
CVE-2022-0518 | HIGH | CVSS 7.1 | CWE-122 | v35, v36 | 2022-02-08
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0523 | HIGH | CVSS 7.8 | CWE-416 | v35, v36 | 2022-02-08
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0521 | HIGH | CVSS 7.1 | CWE-788 | v35, v36 | 2022-02-08
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0519 | HIGH | CVSS 7.1 | CWE-805 | v35, v36 | 2022-02-08
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
nvd
CVE-2022-0522 | HIGH | CVSS 7.1 | CWE-786 | v35, v36 | 2022-02-08
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.
nvd
CVE-2022-21703 | HIGH | CVSS 8.8 | CWE-352 | v34, v35, +1 more | 2022-02-08
Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerabil
nvd
CVE-2022-21702 | MEDIUM | CVSS 5.4 | CWE-79 | v34, v35, +1 more | 2022-02-08
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource
nvd