Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-29502 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
network
low complexity
schedmd fedoraproject
critical
9.8
2022-05-04 CVE-2022-30292 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
network
low complexity
squirrel-lang fedoraproject CWE-787
critical
10.0
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
9.8
2022-04-26 CVE-2022-24883 Improper Authentication vulnerability in multiple products
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).
network
low complexity
freerdp fedoraproject CWE-287
critical
9.8
2022-04-22 CVE-2022-27404 Out-of-bounds Write vulnerability in multiple products
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
network
low complexity
freetype fedoraproject CWE-787
critical
9.8
2022-04-19 CVE-2022-25648 Argument Injection or Modification vulnerability in multiple products
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection.
network
low complexity
git fedoraproject debian CWE-88
critical
9.8
2022-04-08 CVE-2022-28805 Out-of-bounds Read vulnerability in multiple products
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
network
low complexity
lua fedoraproject CWE-125
critical
9.1
2022-03-28 CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
network
low complexity
python fedoraproject
critical
9.1
2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital fedoraproject netatalk CWE-59
critical
9.8
2022-03-18 CVE-2022-0547 Improper Authentication vulnerability in multiple products
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
network
low complexity
openvpn fedoraproject debian CWE-287
critical
9.8