Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-3278 | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | 5.5 |
| 2022-09-21 | CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | 5.3 |
| 2022-09-20 | CVE-2022-35957 | Authentication Bypass by Spoofing vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. | 6.6 |
| 2022-09-18 | CVE-2022-40768 | Use of Uninitialized Resource vulnerability in multiple products drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | 5.5 |
| 2022-09-16 | CVE-2022-30674 | Out-of-bounds Read vulnerability in multiple products Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
| 2022-09-15 | CVE-2022-39209 | Algorithmic Complexity vulnerability in multiple products cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. | 6.5 |
| 2022-09-14 | CVE-2022-40626 | Cross-site Scripting vulnerability in multiple products An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | 6.1 |
| 2022-09-13 | CVE-2021-36568 | Cross-site Scripting vulnerability in multiple products In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). | 5.4 |
| 2022-09-13 | CVE-2022-3190 | Infinite Loop vulnerability in multiple products Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file | 5.5 |
| 2022-09-09 | CVE-2022-36087 | Improper Input Validation vulnerability in multiple products OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. | 6.5 |