Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-18	CVE-2022-0585	Excessive Iteration vulnerability in multiple products Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file network low complexity wireshark fedoraproject debian CWE-834	6.5
2022-02-18	CVE-2022-25313	Uncontrolled Recursion vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. network low complexity libexpat-project debian fedoraproject oracle siemens CWE-674	6.5
2022-02-16	CVE-2022-25258	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. low complexity linux fedoraproject debian netapp CWE-476	4.6
2022-02-16	CVE-2022-0613	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. network low complexity uri-js-project fedoraproject CWE-639	6.5
2022-02-14	CVE-2022-0571	Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. network low complexity phoronix-media fedoraproject	6.1
2022-02-12	CVE-2022-0108	Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. network low complexity google fedoraproject CWE-346	6.5
2022-02-12	CVE-2022-0109	Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. network low complexity google fedoraproject	6.5
2022-02-12	CVE-2022-0110	Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. network low complexity google fedoraproject CWE-1021	4.3
2022-02-12	CVE-2022-0111	Origin Validation Error vulnerability in multiple products Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. network low complexity google fedoraproject CWE-346	6.5
2022-02-12	CVE-2022-0112	Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. network low complexity google fedoraproject	4.3