Fedoraproject Fedora: critical vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-3961 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.
Attack vector: network; complexity: low
Vendors: samba, redhat, fedoraproject; CWE-22
Risk: critical (9.8)

2023-10-18 CVE-2023-39332 Path Traversal vulnerability in multiple products
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects.
Attack vector: network; complexity: low
Vendors: nodejs, fedoraproject; CWE-22
Risk: critical (9.8)

2023-10-18 CVE-2023-38545 Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
Attack vector: network; complexity: low
Vendors: haxx, fedoraproject, netapp; CWE-787
Risk: critical (9.8)

2023-10-06 CVE-2023-45239
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
Attack vector: network; complexity: low
Vendors: facebook, fedoraproject
Risk: critical (9.8)

2023-09-21 CVE-2023-41993 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The issue was addressed with improved checks.
Attack vector: network; complexity: low
Vendors: apple, fedoraproject, debian; CWE-754
Risk: critical (9.8)

2023-09-05 CVE-2023-39361 SQL Injection vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
Attack vector: network; complexity: low
Vendors: cacti, fedoraproject; CWE-89
Risk: critical (9.8)

2023-09-01 CVE-2023-36328 Integer Overflow or Wraparound vulnerability in multiple products
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
Attack vector: network; complexity: low
Vendors: libtom, fedoraproject; CWE-190
Risk: critical (9.8)

2023-08-31 CVE-2023-40569 Out-of-bounds Write vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Attack vector: network; complexity: low
Vendors: freerdp, debian, fedoraproject; CWE-787
Risk: critical (9.8)

2023-08-31 CVE-2023-40567 Out-of-bounds Write vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Attack vector: network; complexity: low
Vendors: freerdp, debian, fedoraproject; CWE-787
Risk: critical (9.8)

2023-08-31 CVE-2023-40188 Out-of-bounds Read vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
Attack vector: network; complexity: low
Vendors: freerdp, debian, fedoraproject; CWE-125
Risk: critical (9.1)