Vulnerabilities > Fedoraproject > Fedora > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-25 | CVE-2022-45152 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. | 9.1 |
| 2022-11-10 | CVE-2022-45063 | Command Injection vulnerability in multiple products xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. | 9.8 |
| 2022-11-08 | CVE-2022-39377 | Incorrect Calculation of Buffer Size vulnerability in multiple products sysstat is a set of system performance tools for the Linux operating system. | 9.8 |
| 2022-10-29 | CVE-2022-42915 | Double Free vulnerability in multiple products curl before 7.86.0 has a double free. | 9.8 |
| 2022-10-21 | CVE-2022-37454 | Integer Overflow or Wraparound vulnerability in multiple products The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. network low complexity extended-keccak-code-package-project debian fedoraproject php python sha3-project pysha3-project pypy CWE-190 critical | 9.8 |
| 2022-09-30 | CVE-2022-40315 | SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 |
| 2022-09-26 | CVE-2022-3075 | Improper Input Validation vulnerability in multiple products Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2022-09-23 | CVE-2022-36944 | Deserialization of Untrusted Data vulnerability in multiple products Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. | 9.8 |
| 2022-09-23 | CVE-2022-35951 | Integer Overflow or Wraparound vulnerability in multiple products Redis is an in-memory database that persists on disk. | 9.8 |
| 2022-09-20 | CVE-2022-39955 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. | 9.8 |