Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-28	CVE-2022-2160	Race Condition vulnerability in multiple products Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. network low complexity google fedoraproject CWE-362	6.5
2022-07-28	CVE-2022-2164	Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. network low complexity google fedoraproject	6.3
2022-07-28	CVE-2022-2165	Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. network low complexity google fedoraproject	4.3
2022-07-25	CVE-2022-35651	Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. network low complexity moodle redhat fedoraproject CWE-79	6.1
2022-07-25	CVE-2022-35652	Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. network low complexity moodle fedoraproject CWE-601	6.1
2022-07-25	CVE-2022-35653	Cross-site Scripting vulnerability in multiple products A reflected XSS issue was identified in the LTI module of Moodle. network low complexity moodle fedoraproject redhat CWE-79	6.1
2022-07-20	CVE-2022-31160	jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. network low complexity jqueryui netapp drupal fedoraproject debian	6.1
2022-07-19	CVE-2022-2476	A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. local low complexity wavpack fedoraproject	5.5
2022-07-14	CVE-2022-23825	Exposure of Resource to Wrong Sphere vulnerability in multiple products Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. local low complexity debian fedoraproject amd vmware CWE-668	6.5
2022-07-14	CVE-2022-32213	HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). network low complexity llhttp nodejs fedoraproject siemens debian stormshield CWE-444	6.5