Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-18 CVE-2023-39332 Path Traversal vulnerability in multiple products
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects.
network
low complexity
nodejs fedoraproject CWE-22
critical
 9.8
9.8
2023-10-18 CVE-2023-38545 Out-of-bounds Write vulnerability in multiple products
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only.
network
low complexity
haxx fedoraproject netapp microsoft CWE-787
critical
 9.8
9.8
2023-10-06 CVE-2023-45239 A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
network
low complexity
facebook fedoraproject
critical
 9.8
9.8
2023-09-05 CVE-2023-39361 Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject
critical
 9.8
9.8
2023-09-01 CVE-2023-36328 Integer Overflow or Wraparound vulnerability in multiple products
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
network
low complexity
libtom fedoraproject CWE-190
critical
 9.8
9.8
2023-08-31 CVE-2023-40569 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
network
low complexity
freerdp debian fedoraproject
critical
 9.8
9.8
2023-08-31 CVE-2023-40567 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
network
low complexity
freerdp debian fedoraproject
critical
 9.8
9.8
2023-08-31 CVE-2023-40188 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
network
low complexity
freerdp debian fedoraproject
critical
 9.1
9.1
2023-08-31 CVE-2023-40186 Integer Overflow or Wraparound vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
network
low complexity
freerdp debian fedoraproject CWE-190
critical
 9.8
9.8
2023-08-31 CVE-2023-40181 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
network
low complexity
freerdp debian fedoraproject
critical
 9.1
9.1