Vulnerabilities > Fedoraproject > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-10 | CVE-2021-33643 | Out-of-bounds Read vulnerability in multiple products An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | 9.1 |
2022-08-05 | CVE-2022-37434 | Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. | 9.8 |
2022-07-28 | CVE-2021-41556 | Out-of-bounds Read vulnerability in multiple products sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. | 10.0 |
2022-07-28 | CVE-2022-2010 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 9.3 |
2022-07-25 | CVE-2022-35649 | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. | 9.8 |
2022-07-25 | CVE-2020-7677 | This affects the package thenify before 3.3.1. | 9.8 |
2022-07-25 | CVE-2022-0670 | A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. | 9.1 |
2022-07-07 | CVE-2022-32207 | Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 9.8 |
2022-06-21 | CVE-2022-2068 | OS Command Injection vulnerability in multiple products In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. | 9.8 |
2022-06-09 | CVE-2022-28615 | Integer Overflow or Wraparound vulnerability in multiple products Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. | 9.1 |