Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-20 CVE-2022-39957 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-20 CVE-2022-39958 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-18 CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-17 CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-14 CVE-2022-40673 Missing Authorization vulnerability in multiple products
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
local
low complexity
kdiskmark-project fedoraproject CWE-862
7.8
7.8
2022-09-14 CVE-2022-40674 Use After Free vulnerability in multiple products
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
network
high complexity
libexpat-project debian fedoraproject CWE-416
8.1
8.1
2022-09-09 CVE-2022-40320 Out-of-bounds Read vulnerability in multiple products
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
network
low complexity
libconfuse-project fedoraproject CWE-125
8.8
8.8
2022-09-09 CVE-2020-10735 Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in python.
network
low complexity
python redhat fedoraproject CWE-704
7.5
7.5
2022-09-06 CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
network
low complexity
golang fedoraproject
7.5
7.5
2022-09-05 CVE-2022-39831 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in PSPP 1.6.2.
local
low complexity
gnu fedoraproject CWE-787
7.8
7.8