Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-12	CVE-2022-29900	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. local low complexity xen debian fedoraproject amd CWE-212	6.5
2022-07-12	CVE-2022-29901	Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. local low complexity intel xen fedoraproject vmware debian CWE-668	6.5
2022-07-07	CVE-2022-32205	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. network low complexity haxx fedoraproject debian netapp apple siemens splunk CWE-770	4.3
2022-07-07	CVE-2022-32206	Allocation of Resources Without Limits or Throttling vulnerability in multiple products curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. network low complexity haxx fedoraproject debian netapp siemens splunk CWE-770	6.5
2022-07-07	CVE-2022-32208	Out-of-bounds Write vulnerability in multiple products When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. network high complexity haxx fedoraproject debian netapp apple splunk CWE-787	5.9
2022-07-06	CVE-2021-3695	Out-of-bounds Write vulnerability in multiple products A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. local high complexity gnu fedoraproject redhat netapp CWE-787	4.5
2022-07-05	CVE-2022-31117	UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. network high complexity ultrajson-project fedoraproject	5.9
2022-07-05	CVE-2022-2097	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. network low complexity openssl fedoraproject netapp siemens debian CWE-327	5.3
2022-07-02	CVE-2022-34911	Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. network low complexity mediawiki fedoraproject CWE-79	6.1
2022-07-02	CVE-2022-34912	An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. network low complexity mediawiki fedoraproject	6.1