Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2021-33643 Out-of-bounds Read vulnerability in multiple products
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
network
low complexity
feep openatom fedoraproject CWE-125
critical
 9.1
9.1
2022-08-05 CVE-2022-37434 Out-of-bounds Write vulnerability in multiple products
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.
network
low complexity
zlib fedoraproject debian netapp apple stormshield CWE-787
critical
 9.8
9.8
2022-07-28 CVE-2021-41556 Out-of-bounds Read vulnerability in multiple products
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution.
network
low complexity
squirrel-lang fedoraproject CWE-125
critical
 10.0
10
2022-07-28 CVE-2022-2010 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-125
critical
 9.3
9.3
2022-07-25 CVE-2022-35649 Improper Input Validation vulnerability in multiple products
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code.
network
low complexity
moodle fedoraproject CWE-20
critical
 9.8
9.8
2022-07-25 CVE-2020-7677 This affects the package thenify before 3.3.1.
network
low complexity
thenify-project debian fedoraproject
critical
 9.8
9.8
2022-07-25 CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system.
network
low complexity
linuxfoundation redhat fedoraproject
critical
 9.1
9.1
2022-07-07 CVE-2022-32207 Incorrect Default Permissions vulnerability in multiple products
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
network
low complexity
haxx fedoraproject debian netapp apple splunk CWE-276
critical
 9.8
9.8
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian fedoraproject siemens netapp broadcom CWE-78
critical
 9.8
9.8
2022-06-09 CVE-2022-28615 Integer Overflow or Wraparound vulnerability in multiple products
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.
network
low complexity
apache fedoraproject netapp CWE-190
critical
 9.1
9.1