Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-12 CVE-2022-3171 A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack.
network
low complexity
google fedoraproject
7.5
7.5
2022-10-11 CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability
local
low complexity
microsoft fedoraproject
7.8
7.8
2022-10-06 CVE-2022-41556 Memory Leak vulnerability in multiple products
A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients.
network
low complexity
lighttpd fedoraproject CWE-401
7.5
7.5
2022-09-30 CVE-2022-40313 Cross-site Scripting vulnerability in multiple products
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
network
low complexity
moodle fedoraproject CWE-79
7.1
7.1
2022-09-29 CVE-2022-3352 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
local
low complexity
vim fedoraproject debian CWE-416
7.8
7.8
2022-09-28 CVE-2022-39261 Path Traversal vulnerability in multiple products
Twig is a template language for PHP.
network
low complexity
symfony drupal fedoraproject debian CWE-22
7.5
7.5
2022-09-27 CVE-2022-3324 Stack-based Buffer Overflow vulnerability in multiple products
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
local
low complexity
vim fedoraproject debian CWE-121
7.8
7.8
2022-09-26 CVE-2022-2852 Use After Free vulnerability in multiple products
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2022-09-26 CVE-2022-2853 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2022-09-26 CVE-2022-2854 Race Condition vulnerability in multiple products
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-362
8.8
8.8