Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2022-09-20 CVE-2022-35957 Grafana is an open-source platform for monitoring and observability.
network
high complexity
grafana fedoraproject
6.6
6.6
2022-09-20 CVE-2022-32886 Out-of-bounds Write vulnerability in multiple products
A buffer overflow issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-787
8.8
8.8
2022-09-20 CVE-2022-39955 The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2022-09-20 CVE-2022-39956 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set.
network
low complexity
owasp fedoraproject debian CWE-116
critical
 9.8
9.8
2022-09-20 CVE-2022-39957 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-20 CVE-2022-39958 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
7.5
2022-09-19 CVE-2022-3213 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow issue was found in ImageMagick.
local
low complexity
imagemagick fedoraproject CWE-787
5.5
5.5
2022-09-18 CVE-2022-3235 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
local
low complexity
vim fedoraproject debian
7.8
7.8
2022-09-18 CVE-2022-40768 Use of Uninitialized Resource vulnerability in multiple products
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
local
low complexity
linux fedoraproject debian CWE-908
5.5
5.5
2022-09-17 CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
local
low complexity
vim fedoraproject debian
7.8
7.8