12.3

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-12	CVE-2022-29048	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. network low complexity jenkins apple CWE-352	4.3
2022-04-12	CVE-2021-28544	Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. network low complexity apache debian fedoraproject apple	4.3
2022-04-12	CVE-2022-24070	Use After Free vulnerability in multiple products Subversion's mod_dav_svn is vulnerable to memory corruption. network low complexity apache debian fedoraproject apple CWE-416	7.5
2022-03-25	CVE-2018-25032	Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. network low complexity zlib debian fedoraproject apple python mariadb netapp siemens azul goto CWE-787	7.5
2022-03-18	CVE-2022-22617	Unspecified vulnerability in Apple mac OS X and Macos A logic issue was addressed with improved state management. local low complexity apple	7.8
2022-03-14	CVE-2022-0943	Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. local low complexity vim fedoraproject debian apple	7.8
2022-03-14	CVE-2022-22719	Improper Initialization vulnerability in multiple products A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. network low complexity apache debian fedoraproject oracle apple CWE-665	7.5
2022-03-14	CVE-2022-22720	HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling network low complexity apache fedoraproject debian oracle apple CWE-444 critical	9.8
2022-03-14	CVE-2022-22721	Integer Overflow or Wraparound vulnerability in multiple products If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. network low complexity apache fedoraproject debian oracle apple CWE-190 critical	9.1
2022-03-13	CVE-2022-26981	Classic Buffer Overflow vulnerability in multiple products Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). local low complexity liblouis fedoraproject apple CWE-120	7.8