Fedora

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-19	CVE-2022-3213	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow issue was found in ImageMagick. local low complexity imagemagick fedoraproject CWE-787	5.5
2022-09-18	CVE-2022-3235	Use After Free in GitHub repository vim/vim prior to 9.0.0490. local low complexity vim fedoraproject debian	7.8
2022-09-18	CVE-2022-40768	Use of Uninitialized Resource vulnerability in multiple products drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. local low complexity linux fedoraproject debian CWE-908	5.5
2022-09-17	CVE-2022-3234	Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. local low complexity vim fedoraproject debian	7.8
2022-09-15	CVE-2022-39209	Algorithmic Complexity vulnerability in multiple products cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. network low complexity github fedoraproject CWE-407	6.5
2022-09-14	CVE-2022-40626	Cross-site Scripting vulnerability in multiple products An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. network low complexity zabbix fedoraproject CWE-79	6.1
2022-09-14	CVE-2022-40673	Missing Authorization vulnerability in multiple products KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. local low complexity kdiskmark-project fedoraproject CWE-862	7.8
2022-09-14	CVE-2022-40674	Use After Free vulnerability in multiple products libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. network high complexity libexpat-project debian fedoraproject CWE-416	8.1
2022-09-13	CVE-2021-36568	Cross-site Scripting vulnerability in multiple products In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). network low complexity moodle fedoraproject CWE-79	5.4
2022-09-13	CVE-2022-3190	Infinite Loop vulnerability in multiple products Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file local low complexity wireshark fedoraproject CWE-835	5.5