Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
 9.8
9.8
2022-06-09 CVE-2022-31813 Insufficient Verification of Data Authenticity vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.
network
low complexity
apache netapp fedoraproject CWE-345
critical
 9.8
9.8
2022-06-09 CVE-2022-28615 Integer Overflow or Wraparound vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
network
low complexity
apache fedoraproject netapp CWE-190
critical
 9.1
9.1
2022-06-08 CVE-2022-1996 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
network
low complexity
go-restful-project fedoraproject CWE-639
critical
 9.1
9.1
2022-06-08 CVE-2022-24065 OS Command Injection vulnerability in multiple products
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection.
network
low complexity
cookiecutter-project fedoraproject CWE-78
critical
 9.8
9.8
2022-06-06 CVE-2022-32511 jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
network
low complexity
jmespath-project fedoraproject
critical
 9.8
9.8
2022-06-02 CVE-2022-31799 Improper Handling of Exceptional Conditions vulnerability in multiple products
Bottle before 0.12.20 mishandles errors during early request binding.
network
low complexity
bottlepy debian fedoraproject CWE-755
critical
 9.8
9.8
2022-05-18 CVE-2022-30600 Incorrect Calculation vulnerability in multiple products
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
network
low complexity
moodle redhat fedoraproject CWE-682
critical
 9.8
9.8
2022-05-18 CVE-2022-30599 SQL Injection vulnerability in multiple products
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle redhat fedoraproject CWE-89
critical
 9.8
9.8
2022-05-16 CVE-2022-1587 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file.
network
low complexity
pcre redhat fedoraproject netapp CWE-125
critical
 9.1
9.1