High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-28	CVE-2022-2158	Use After Free vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2022-07-28	CVE-2022-2161	Use After Free vulnerability in multiple products Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. network low complexity google fedoraproject CWE-416	8.8
2022-07-28	CVE-2022-2162	Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. network low complexity google fedoraproject	8.8
2022-07-26	CVE-2022-33745	insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. local low complexity xen debian fedoraproject	8.8
2022-07-25	CVE-2022-34749	In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. network low complexity mistune-project fedoraproject	7.5
2022-07-25	CVE-2022-35650	Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. network low complexity moodle fedoraproject CWE-20	7.5
2022-07-24	CVE-2021-46829	Integer Overflow or Wraparound vulnerability in multiple products GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. local low complexity gnome fedoraproject debian CWE-190	7.8
2022-07-19	CVE-2022-34169	Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. network low complexity apache debian oracle fedoraproject netapp azul CWE-681	7.5
2022-07-14	CVE-2022-32323	Out-of-bounds Write vulnerability in multiple products AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. local low complexity autotrace-project fedoraproject CWE-787	7.3
2022-07-14	CVE-2022-32212	OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. network high complexity nodejs debian fedoraproject siemens CWE-78	8.1