Vulnerabilities > Fedoraproject > Fedora > 37

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2021-33644 Out-of-bounds Read vulnerability in multiple products
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
network
low complexity
feep huawei fedoraproject CWE-125
8.1
8.1
2022-08-10 CVE-2021-33645 Memory Leak vulnerability in multiple products
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
network
low complexity
feep huawei fedoraproject CWE-401
7.5
7.5
2022-08-10 CVE-2021-33646 Memory Leak vulnerability in multiple products
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
network
low complexity
feep huawei fedoraproject CWE-401
7.5
7.5
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
 9.8
9.8
2022-07-28 CVE-2022-2007 Use After Free vulnerability in multiple products
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2022-07-28 CVE-2022-2008 Double Free vulnerability in multiple products
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-415
8.8
8.8
2022-07-28 CVE-2022-2010 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-125
critical
 9.3
9.3
2022-07-28 CVE-2022-2011 Use After Free vulnerability in multiple products
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2022-07-25 CVE-2022-34749 In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases.
network
low complexity
mistune-project fedoraproject
7.5
7.5
2022-07-25 CVE-2020-7677 This affects the package thenify before 3.3.1.
network
low complexity
thenify-project debian fedoraproject
critical
 9.8
9.8