Vulnerabilities > Fedoraproject > Fedora > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-02 | CVE-2022-39379 | Deserialization of Untrusted Data vulnerability in multiple products. Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. | 9.8 |
2022-10-24 | CVE-2021-46848 | Off-by-one Error vulnerability in multiple products. GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | 9.1 |
2022-10-21 | CVE-2022-37454 | Integer Overflow or Wraparound vulnerability in multiple products. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. Tags: network, low complexity, extended-keccak-code-package-project, debian, fedoraproject, php, python, sha3-project, pysha3-project, pypy, CWE-190, critical. | 9.8 |
2022-10-20 | CVE-2022-3620 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. A vulnerability was found in Exim and classified as problematic. | 9.8 |
2022-10-07 | CVE-2022-3275 | Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. | 9.8 |
2022-09-30 | CVE-2022-40315 | SQL Injection vulnerability in multiple products. A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 |
2022-09-26 | CVE-2022-3075 | Improper Input Validation vulnerability in multiple products. Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2022-09-26 | CVE-2022-21797 | The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement. | 9.8 |
2022-09-23 | CVE-2022-36944 | Deserialization of Untrusted Data vulnerability in multiple products. Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. | 9.8 |
2022-09-23 | CVE-2022-35951 | Integer Overflow or Wraparound vulnerability in multiple products. Redis is an in-memory database that persists on disk. | 9.8 |