Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-05 CVE-2022-33742 Information Exposure vulnerability in multiple products
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740).
local
low complexity
fedoraproject debian linux xen CWE-200
7.1
7.1
2022-07-05 CVE-2022-2309 NULL Pointer Dereference vulnerability in multiple products
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash).
network
low complexity
lxml fedoraproject CWE-476
7.5
7.5
2022-07-03 CVE-2022-2289 Use After Free vulnerability in multiple products
Use After Free in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject CWE-416
7.8
7.8
2022-07-03 CVE-2022-2288 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject CWE-787
7.8
7.8
2022-07-02 CVE-2022-2287 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject CWE-125
7.1
7.1
2022-07-02 CVE-2022-2286 Out-of-bounds Read vulnerability in multiple products
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject CWE-125
7.8
7.8
2022-07-02 CVE-2022-2285 Integer Overflow or Wraparound vulnerability in multiple products
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject debian CWE-190
7.8
7.8
2022-07-02 CVE-2022-2284 Heap-based Buffer Overflow vulnerability in multiple products
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
local
low complexity
vim fedoraproject CWE-122
7.8
7.8
2022-07-01 CVE-2022-32081 Use After Free vulnerability in multiple products
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
network
low complexity
mariadb fedoraproject CWE-416
7.5
7.5
2022-07-01 CVE-2022-32082 Reachable Assertion vulnerability in multiple products
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
network
low complexity
mariadb fedoraproject CWE-617
7.5
7.5