Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-26 CVE-2022-3056 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
network
low complexity
google fedoraproject
6.5
6.5
2022-09-26 CVE-2022-3057 Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject
6.5
6.5
2022-09-26 CVE-2022-3201 Improper Input Validation vulnerability in multiple products
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-20
5.4
5.4
2022-09-23 CVE-2022-3278 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
local
low complexity
vim fedoraproject
5.5
5.5
2022-09-21 CVE-2022-2795 By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
network
low complexity
isc debian fedoraproject
5.3
5.3
2022-09-20 CVE-2022-35957 Grafana is an open-source platform for monitoring and observability.
network
high complexity
grafana fedoraproject
6.6
6.6
2022-09-19 CVE-2022-3213 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow issue was found in ImageMagick.
local
low complexity
imagemagick fedoraproject CWE-787
5.5
5.5
2022-09-18 CVE-2022-40768 Use of Uninitialized Resource vulnerability in multiple products
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
local
low complexity
linux fedoraproject debian CWE-908
5.5
5.5
2022-09-15 CVE-2022-39209 Algorithmic Complexity vulnerability in multiple products
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.
network
low complexity
github fedoraproject CWE-407
6.5
6.5
2022-09-14 CVE-2022-40626 Cross-site Scripting vulnerability in multiple products
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
network
low complexity
zabbix fedoraproject CWE-79
6.1
6.1