Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-27 CVE-2022-24735 Code Injection vulnerability in multiple products
Redis is an in-memory database that persists on disk.
local
low complexity
redis fedoraproject netapp oracle CWE-94
7.8
7.8
2022-04-27 CVE-2022-27239 Out-of-bounds Write vulnerability in multiple products
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
local
low complexity
samba debian suse hp fedoraproject CWE-787
7.8
7.8
2022-04-26 CVE-2022-24882 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP).
network
low complexity
freerdp fedoraproject
7.5
7.5
2022-04-22 CVE-2022-27405 Out-of-bounds Read vulnerability in multiple products
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
network
low complexity
freetype fedoraproject CWE-125
7.5
7.5
2022-04-22 CVE-2022-27406 Out-of-bounds Read vulnerability in multiple products
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
network
low complexity
freetype fedoraproject CWE-125
7.5
7.5
2022-04-20 CVE-2022-29536 Out-of-bounds Write vulnerability in multiple products
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title.
network
low complexity
gnome fedoraproject debian CWE-787
7.5
7.5
2022-04-20 CVE-2022-24675 Uncontrolled Recursion vulnerability in multiple products
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang fedoraproject
7.5
7.5
2022-04-19 CVE-2022-29153 Server-Side Request Forgery (SSRF) vulnerability in multiple products
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.
network
low complexity
hashicorp fedoraproject CWE-918
7.5
7.5
2022-04-18 CVE-2022-1381 Heap-based Buffer Overflow vulnerability in multiple products
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763.
local
low complexity
vim fedoraproject apple CWE-122
7.8
7.8