Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2022-04-22 CVE-2022-27405 Out-of-bounds Read vulnerability in multiple products
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
network
low complexity
freetype fedoraproject CWE-125
7.5
7.5
2022-04-22 CVE-2022-27406 Out-of-bounds Read vulnerability in multiple products
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
network
low complexity
freetype fedoraproject CWE-125
7.5
7.5
2022-04-21 CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
local
low complexity
vim fedoraproject apple
5.5
5.5
2022-04-20 CVE-2022-29536 Out-of-bounds Write vulnerability in multiple products
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title.
network
low complexity
gnome fedoraproject debian CWE-787
7.5
7.5
2022-04-20 CVE-2022-24675 Uncontrolled Recursion vulnerability in multiple products
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang fedoraproject
7.5
7.5
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
 9.8
9.8
2022-04-19 CVE-2022-29153 Server-Side Request Forgery (SSRF) vulnerability in multiple products
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.
network
low complexity
hashicorp fedoraproject CWE-918
7.5
7.5
2022-04-18 CVE-2021-42778 Double Free vulnerability in multiple products
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
network
low complexity
opensc-project fedoraproject redhat CWE-415
5.3
5.3
2022-04-18 CVE-2021-42779 Use After Free vulnerability in multiple products
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
network
low complexity
opensc-project fedoraproject redhat CWE-416
5.3
5.3