Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-08 CVE-2022-24065 OS Command Injection vulnerability in multiple products
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection.
network
low complexity
cookiecutter-project fedoraproject CWE-78
critical
 9.8
9.8
2022-06-06 CVE-2022-32511 jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
network
low complexity
jmespath-project fedoraproject
critical
 9.8
9.8
2022-06-02 CVE-2022-31799 Improper Handling of Exceptional Conditions vulnerability in multiple products
Bottle before 0.12.20 mishandles errors during early request binding.
network
low complexity
bottlepy debian fedoraproject CWE-755
critical
 9.8
9.8
2022-05-18 CVE-2022-30599 SQL Injection vulnerability in multiple products
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle redhat fedoraproject CWE-89
critical
 9.8
9.8
2022-05-18 CVE-2022-30600 Incorrect Calculation vulnerability in multiple products
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
network
low complexity
moodle redhat fedoraproject CWE-682
critical
 9.8
9.8
2022-05-16 CVE-2022-1586 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file.
network
low complexity
pcre fedoraproject redhat netapp CWE-125
critical
 9.1
9.1
2022-05-16 CVE-2022-1587 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file.
network
low complexity
pcre redhat fedoraproject netapp CWE-125
critical
 9.1
9.1
2022-05-16 CVE-2022-30767 Classic Buffer Overflow vulnerability in multiple products
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow.
network
low complexity
denx fedoraproject CWE-120
critical
 9.8
9.8
2022-05-14 CVE-2022-1379 Server-Side Request Forgery (SSRF) vulnerability in multiple products
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5.
network
low complexity
plantuml fedoraproject CWE-918
critical
 9.1
9.1
2022-05-06 CVE-2022-1053 Improper Input Validation vulnerability in multiple products
Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote.
network
low complexity
keylime fedoraproject CWE-20
critical
 9.1
9.1