Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2022-36944 Deserialization of Untrusted Data vulnerability in multiple products
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file.
network
low complexity
scala-lang fedoraproject CWE-502
critical
9.8
2022-09-23 CVE-2022-35951 Integer Overflow or Wraparound vulnerability in multiple products
Redis is an in-memory database that persists on disk.
network
low complexity
redis fedoraproject CWE-190
critical
9.8
2022-09-20 CVE-2022-39956 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set.
network
low complexity
owasp fedoraproject debian CWE-116
critical
9.8
2022-09-20 CVE-2022-39955 The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
network
low complexity
owasp fedoraproject debian
critical
9.8
2022-09-09 CVE-2022-25765 The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
network
low complexity
pdfkit-project fedoraproject
critical
9.8
2022-08-10 CVE-2021-33643 Out-of-bounds Read vulnerability in multiple products
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
network
low complexity
feep huawei fedoraproject CWE-125
critical
9.1
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
9.8
2022-07-28 CVE-2021-41556 Out-of-bounds Read vulnerability in multiple products
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution.
network
low complexity
squirrel-lang fedoraproject CWE-125
critical
10.0
2022-07-28 CVE-2022-2010 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-125
critical
9.3
2022-07-25 CVE-2022-35649 Improper Input Validation vulnerability in multiple products
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code.
network
low complexity
moodle fedoraproject CWE-20
critical
9.8