Vulnerabilities > Fedoraproject > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | 7.5 |
| 2022-04-19 | CVE-2022-29153 | Server-Side Request Forgery (SSRF) vulnerability in multiple products HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. | 7.5 |
| 2022-04-18 | CVE-2022-1381 | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. | 7.8 |
| 2022-04-15 | CVE-2022-28042 | Use After Free vulnerability in multiple products stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | 8.8 |
| 2022-04-15 | CVE-2022-28048 | Incorrect Calculation vulnerability in multiple products STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | 8.8 |
| 2022-04-14 | CVE-2022-1304 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. | 7.8 |
| 2022-04-13 | CVE-2022-24828 | Argument Injection or Modification vulnerability in multiple products Composer is a dependency manager for the PHP programming language. | 8.8 |
| 2022-04-13 | CVE-2015-20107 | Command Injection vulnerability in multiple products In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. | 7.6 |
| 2022-04-12 | CVE-2022-24070 | Use After Free vulnerability in multiple products Subversion's mod_dav_svn is vulnerable to memory corruption. | 7.5 |
| 2022-04-12 | CVE-2022-24765 | Git for Windows is a fork of Git containing Windows-specific patches. | 7.8 |