Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-34152 OS Command Injection vulnerability in multiple products
A vulnerability was found in ImageMagick.
network
low complexity
imagemagick fedoraproject redhat CWE-78
critical
 9.8
9.8
2023-05-07 CVE-2023-31047 Improper Input Validation vulnerability in multiple products
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files.
network
low complexity
djangoproject fedoraproject CWE-20
critical
 9.8
9.8
2023-04-19 CVE-2023-2136 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-190
critical
 9.6
9.6
2023-03-31 CVE-2023-29141 An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3.
network
low complexity
mediawiki fedoraproject
critical
 9.8
9.8
2023-03-23 CVE-2023-28333 Code Injection vulnerability in multiple products
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
network
low complexity
moodle fedoraproject CWE-94
critical
 9.8
9.8
2023-03-21 CVE-2023-1529 Out-of-bounds Write vulnerability in multiple products
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device.
network
low complexity
google fedoraproject CWE-787
critical
 9.8
9.8
2022-12-19 CVE-2021-33640 Use After Free vulnerability in multiple products
After tar_close(), libtar.c releases the memory pointed to by pointer t.
network
low complexity
huawei fedoraproject CWE-416
critical
 9.8
9.8
2022-12-15 CVE-2022-46393 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
low complexity
arm fedoraproject CWE-787
critical
 9.8
9.8
2022-12-09 CVE-2022-4170 The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.
network
low complexity
rxvt-unicode-project fedoraproject
critical
 9.8
9.8
2022-12-06 CVE-2022-24439 Improper Input Validation vulnerability in multiple products
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command.
network
low complexity
gitpython-project fedoraproject debian CWE-20
critical
 9.8
9.8