Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2022-23825 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | 2.1 |
| 2022-07-12 | CVE-2022-29900 | Information Exposure vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 2.1 |
| 2022-07-12 | CVE-2022-29901 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 1.9 |
| 2022-07-08 | CVE-2022-2345 | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.0046. | 6.8 |
| 2022-07-08 | CVE-2022-2343 | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | 6.8 |
| 2022-07-07 | CVE-2022-32205 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. | 4.3 |
| 2022-07-07 | CVE-2022-32207 | Incorrect Default Permissions vulnerability in multiple products When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | 7.5 |
| 2022-07-07 | CVE-2022-32208 | Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. | 4.3 |
| 2022-07-06 | CVE-2021-3695 | Out-of-bounds Write vulnerability in multiple products A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. | 4.4 |
| 2022-07-05 | CVE-2022-26365 | Information Exposure vulnerability in multiple products Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). | 3.6 |