Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-08 CVE-2022-28805 Out-of-bounds Read vulnerability in multiple products
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
network
low complexity
lua fedoraproject CWE-125
critical
 9.1
9.1
2022-03-28 CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
network
low complexity
python fedoraproject
critical
 9.1
9.1
2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital fedoraproject netatalk CWE-59
critical
 9.8
9.8
2022-03-18 CVE-2022-0547 Improper Authentication vulnerability in multiple products
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
network
low complexity
openvpn fedoraproject debian CWE-287
critical
 9.8
9.8
2022-03-14 CVE-2022-23943 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.
network
low complexity
apache fedoraproject debian oracle CWE-787
critical
 9.8
9.8
2022-03-14 CVE-2022-22721 Integer Overflow or Wraparound vulnerability in multiple products
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.
network
low complexity
apache fedoraproject debian oracle apple CWE-190
critical
 9.1
9.1
2022-03-14 CVE-2022-22720 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
network
low complexity
apache fedoraproject debian oracle apple CWE-444
critical
 9.8
9.8
2022-03-11 CVE-2022-0860 Improper Authorization vulnerability in multiple products
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
network
low complexity
cobbler-project fedoraproject CWE-285
critical
 9.1
9.1
2022-03-06 CVE-2022-26496 Out-of-bounds Write vulnerability in multiple products
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow.
network
low complexity
network-block-device-project debian fedoraproject CWE-787
critical
 9.8
9.8
2022-03-06 CVE-2022-26495 Integer Overflow or Wraparound vulnerability in multiple products
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow.
network
low complexity
network-block-device-project debian fedoraproject CWE-190
critical
 9.8
9.8