Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-46343 Use After Free vulnerability in multiple products
A vulnerability was found in X.Org.
network
low complexity
x-org fedoraproject debian CWE-416
8.8
8.8
2022-12-14 CVE-2022-46344 Out-of-bounds Read vulnerability in multiple products
A vulnerability was found in X.Org.
network
low complexity
x-org fedoraproject debian CWE-125
8.8
8.8
2022-12-14 CVE-2022-4283 Use After Free vulnerability in multiple products
A vulnerability was found in X.Org.
local
low complexity
x-org fedoraproject redhat debian CWE-416
7.8
7.8
2022-12-13 CVE-2022-4223 Missing Authorization vulnerability in multiple products
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore.
network
low complexity
postgresql fedoraproject CWE-862
8.8
8.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
7.8
2022-11-27 CVE-2022-45934 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel through 6.0.10.
local
low complexity
linux fedoraproject netapp debian CWE-190
7.8
7.8
2022-11-25 CVE-2022-4141 Heap-based Buffer Overflow vulnerability in multiple products
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
local
low complexity
vim fedoraproject CWE-122
7.8
7.8
2022-11-23 CVE-2022-44789 Out-of-bounds Write vulnerability in multiple products
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
network
low complexity
artifex debian fedoraproject CWE-787
8.8
8.8
2022-11-18 CVE-2021-33621 Injection vulnerability in multiple products
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting.
network
low complexity
ruby-lang fedoraproject CWE-74
8.8
8.8
2022-11-12 CVE-2022-45188 Out-of-bounds Write vulnerability in multiple products
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file.
local
low complexity
netatalk debian fedoraproject CWE-787
7.8
7.8