Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2021-33640 Use After Free vulnerability in multiple products
After tar_close(), libtar.c releases the memory pointed to by pointer t.
network
low complexity
huawei fedoraproject CWE-416
critical
 9.8
9.8
2022-12-15 CVE-2022-46393 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
low complexity
arm fedoraproject CWE-787
critical
 9.8
9.8
2022-12-09 CVE-2022-4170 The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
network
low complexity
rxvt-unicode-project fedoraproject
critical
 9.8
9.8
2022-12-06 CVE-2022-24439 Improper Input Validation vulnerability in multiple products
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
network
low complexity
gitpython-project fedoraproject debian CWE-20
critical
 9.8
9.8
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
 9.1
9.1
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
 9.8
9.8
2022-11-10 CVE-2022-45063 Command Injection vulnerability in multiple products
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh.
network
low complexity
invisible-island fedoraproject CWE-77
critical
 9.8
9.8
2022-11-09 CVE-2022-45062 Argument Injection or Modification vulnerability in multiple products
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
network
low complexity
xfce debian fedoraproject CWE-88
critical
 9.8
9.8
2022-11-07 CVE-2022-42920 Out-of-bounds Write vulnerability in multiple products
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics.
network
low complexity
apache fedoraproject CWE-787
critical
 9.8
9.8
2022-11-02 CVE-2022-39379 Deserialization of Untrusted Data vulnerability in multiple products
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on.
network
low complexity
fluentd fedoraproject CWE-502
critical
 9.8
9.8