Vulnerabilities > Fedoraproject > Fedora > 36

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2022-24883 Improper Authentication vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).
network
low complexity
freerdp fedoraproject CWE-287
critical
 9.8
9.8
2022-04-25 CVE-2022-28506 Out-of-bounds Write vulnerability in multiple products
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
local
low complexity
giflib-project fedoraproject CWE-787
5.5
5.5
2022-04-22 CVE-2022-27404 Out-of-bounds Write vulnerability in multiple products
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
network
low complexity
freetype fedoraproject CWE-787
critical
 9.8
9.8
2022-04-22 CVE-2022-27405 Out-of-bounds Read vulnerability in multiple products
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
network
low complexity
freetype fedoraproject CWE-125
7.5
7.5
2022-04-22 CVE-2022-27406 Out-of-bounds Read vulnerability in multiple products
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
network
low complexity
freetype fedoraproject CWE-125
7.5
7.5
2022-04-20 CVE-2022-29536 Out-of-bounds Write vulnerability in multiple products
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title.
network
low complexity
gnome fedoraproject debian CWE-787
7.5
7.5
2022-04-20 CVE-2022-24675 Uncontrolled Recursion vulnerability in multiple products
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang fedoraproject
7.5
7.5
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
 9.8
9.8
2022-04-18 CVE-2022-1381 global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763.
local
low complexity
vim fedoraproject apple
7.8
7.8