Vulnerabilities > Fedoraproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-3080 | By sending specific queries to the resolver, an attacker can cause named to crash. | 7.5 |
| 2022-09-20 | CVE-2022-32886 | Out-of-bounds Write vulnerability in multiple products A buffer overflow issue was addressed with improved memory handling. | 8.8 |
| 2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | 7.5 |
| 2022-09-20 | CVE-2022-39958 | Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. | 7.5 |
| 2022-09-18 | CVE-2022-3235 | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.0490. | 7.8 |
| 2022-09-17 | CVE-2022-3234 | Heap-based Buffer Overflow vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | 7.8 |
| 2022-09-14 | CVE-2022-40673 | Missing Authorization vulnerability in multiple products KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | 7.8 |
| 2022-09-14 | CVE-2022-40674 | Use After Free vulnerability in multiple products libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 |
| 2022-09-13 | CVE-2022-38013 | .NET Core and Visual Studio Denial of Service Vulnerability | 7.5 |
| 2022-09-09 | CVE-2022-40320 | Out-of-bounds Read vulnerability in multiple products cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. | 8.8 |