Vulnerabilities > Fedoraproject > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-14 | CVE-2022-1379 | Server-Side Request Forgery (SSRF) vulnerability in multiple products URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. | 9.1 |
| 2022-05-06 | CVE-2022-1053 | Improper Input Validation vulnerability in multiple products Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. | 9.1 |
| 2022-05-05 | CVE-2022-29502 | SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. | 9.8 |
| 2022-05-04 | CVE-2022-30292 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. | 10.0 |
| 2022-05-03 | CVE-2022-1292 | OS Command Injection vulnerability in multiple products The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. | 9.8 |
| 2022-04-26 | CVE-2022-24883 | Improper Authentication vulnerability in multiple products FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). | 9.8 |
| 2022-04-22 | CVE-2022-27404 | Out-of-bounds Write vulnerability in multiple products FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | 9.8 |
| 2022-04-19 | CVE-2022-25648 | Argument Injection or Modification vulnerability in multiple products The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. | 9.8 |
| 2022-04-08 | CVE-2022-28805 | Out-of-bounds Read vulnerability in multiple products singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | 9.1 |
| 2022-03-28 | CVE-2022-24303 | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | 9.1 |