Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-24675 Uncontrolled Recursion vulnerability in multiple products
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang fedoraproject
7.5
7.5
2022-04-19 CVE-2022-29153 Server-Side Request Forgery (SSRF) vulnerability in multiple products
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.
network
low complexity
hashicorp fedoraproject CWE-918
7.5
7.5
2022-04-18 CVE-2022-1381 Heap-based Buffer Overflow vulnerability in multiple products
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763.
local
low complexity
vim fedoraproject apple CWE-122
7.8
7.8
2022-04-15 CVE-2022-28042 Use After Free vulnerability in multiple products
stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode.
network
low complexity
nothings fedoraproject debian CWE-416
8.8
8.8
2022-04-15 CVE-2022-28048 Incorrect Calculation vulnerability in multiple products
STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.
network
low complexity
stb-project fedoraproject CWE-682
8.8
8.8
2022-04-14 CVE-2022-1304 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. 		7.8
7.8
2022-04-13 CVE-2022-24828 Argument Injection or Modification vulnerability in multiple products
Composer is a dependency manager for the PHP programming language.
network
low complexity
getcomposer tenable fedoraproject CWE-88
8.8
8.8
2022-04-13 CVE-2015-20107 Command Injection vulnerability in multiple products
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file.
network
low complexity
python netapp fedoraproject CWE-77
7.6
7.6
2022-04-12 CVE-2022-24070 Use After Free vulnerability in multiple products
Subversion's mod_dav_svn is vulnerable to memory corruption.
network
low complexity
apache debian fedoraproject apple CWE-416
7.5
7.5