Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-20 CVE-2022-3620 A vulnerability was found in Exim and classified as problematic.
network
low complexity
exim fedoraproject
critical
 9.8
9.8
2022-10-07 CVE-2022-3275 Command injection is possible in the puppetlabs-apt module prior to version 9.0.0.
network
low complexity
puppet fedoraproject
critical
 9.8
9.8
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
 9.8
9.8
2022-09-26 CVE-2022-3075 Improper Input Validation vulnerability in multiple products
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-20
critical
 9.6
9.6
2022-09-26 CVE-2022-21797 The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
network
low complexity
joblib-project fedoraproject debian
critical
 9.8
9.8
2022-09-23 CVE-2022-36944 Deserialization of Untrusted Data vulnerability in multiple products
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file.
network
low complexity
scala-lang fedoraproject CWE-502
critical
 9.8
9.8
2022-09-23 CVE-2022-35951 Integer Overflow or Wraparound vulnerability in multiple products
Redis is an in-memory database that persists on disk.
network
low complexity
redis fedoraproject CWE-190
critical
 9.8
9.8
2022-09-20 CVE-2022-39955 The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2022-09-20 CVE-2022-39956 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set.
network
low complexity
owasp fedoraproject debian CWE-116
critical
 9.8
9.8
2022-09-09 CVE-2022-25765 The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
network
low complexity
pdfkit-project fedoraproject
critical
 9.8
9.8