Vulnerabilities > Fedoraproject > Fedora > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp CWE-125
critical
9.1
2022-05-16 CVE-2022-30767 Classic Buffer Overflow vulnerability in multiple products
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow.
network
low complexity
denx fedoraproject CWE-120
critical
9.8
2022-05-14 CVE-2022-1379 Server-Side Request Forgery (SSRF) vulnerability in multiple products
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5.
network
low complexity
plantuml fedoraproject CWE-918
critical
9.1
2022-05-06 CVE-2022-1053 Improper Input Validation vulnerability in multiple products
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote.
network
low complexity
keylime fedoraproject CWE-20
critical
9.1
2022-05-05 CVE-2022-29502 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
network
low complexity
schedmd fedoraproject
critical
9.8
2022-05-04 CVE-2022-30292 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
network
low complexity
squirrel-lang fedoraproject CWE-787
critical
10.0
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
9.8
2022-04-26 CVE-2022-24883 Improper Authentication vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).
network
low complexity
freerdp fedoraproject CWE-287
critical
9.8
2022-04-22 CVE-2022-27404 Out-of-bounds Write vulnerability in multiple products
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
network
low complexity
freetype fedoraproject CWE-787
critical
9.8
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
9.8