Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-18 | CVE-2022-25313 | Uncontrolled Recursion vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 6.5 |
| 2022-02-16 | CVE-2022-25258 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. | 4.6 |
| 2022-02-16 | CVE-2022-0613 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. | 6.5 |
| 2022-02-14 | CVE-2022-0571 | Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. | 6.1 |
| 2022-02-12 | CVE-2022-0108 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0109 | Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0110 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2022-02-12 | CVE-2022-0111 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. | 6.5 |
| 2022-02-12 | CVE-2022-0112 | Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. | 4.3 |
| 2022-02-12 | CVE-2022-0113 | Origin Validation Error vulnerability in multiple products Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |