Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
9.1
2022-11-10 CVE-2022-45063 Command Injection vulnerability in multiple products
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh.
network
low complexity
invisible-island fedoraproject CWE-77
critical
9.8
2022-11-08 CVE-2022-39377 Incorrect Calculation of Buffer Size vulnerability in multiple products
sysstat is a set of system performance tools for the Linux operating system.
network
low complexity
sysstat-project debian fedoraproject CWE-131
critical
9.8
2022-10-29 CVE-2022-42915 Double Free vulnerability in multiple products
curl before 7.86.0 has a double free.
network
low complexity
haxx fedoraproject CWE-415
critical
9.8
2022-10-21 CVE-2022-37454 Integer Overflow or Wraparound vulnerability in multiple products
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
9.8
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
9.8
2022-09-26 CVE-2022-3075 Improper Input Validation vulnerability in multiple products
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-20
critical
9.6
2022-09-23 CVE-2022-36944 Deserialization of Untrusted Data vulnerability in multiple products
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file.
network
low complexity
scala-lang fedoraproject CWE-502
critical
9.8
2022-09-23 CVE-2022-35951 Integer Overflow or Wraparound vulnerability in multiple products
Redis is an in-memory database that persists on disk.
network
low complexity
redis fedoraproject CWE-190
critical
9.8
2022-09-20 CVE-2022-39955 The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
network
low complexity
owasp fedoraproject
critical
9.8