Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-14	CVE-2022-32212	OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. network high complexity nodejs debian fedoraproject siemens CWE-78	8.1
2022-07-14	CVE-2022-32213	HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). network low complexity llhttp nodejs fedoraproject siemens debian stormshield CWE-444	6.5
2022-07-14	CVE-2022-32215	HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. network low complexity nodejs llhttp fedoraproject siemens debian stormshield CWE-444	6.5
2022-07-12	CVE-2022-29187	Git is a distributed revision control system. local low complexity git-scm fedoraproject apple debian	7.8
2022-07-12	CVE-2022-29900	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. local low complexity xen debian fedoraproject amd CWE-212	6.5
2022-07-12	CVE-2022-29901	Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. local low complexity intel xen fedoraproject vmware debian CWE-668	6.5
2022-07-08	CVE-2022-2345	Use After Free in GitHub repository vim/vim prior to 9.0.0046. local low complexity vim fedoraproject	7.8
2022-07-08	CVE-2022-2344	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. local low complexity vim fedoraproject	7.8
2022-07-08	CVE-2022-2343	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. local low complexity vim fedoraproject	7.8
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3