Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-30 CVE-2022-2056 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
6.5
2022-06-30 CVE-2022-2057 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
6.5
2022-06-30 CVE-2022-2058 Divide By Zero vulnerability in multiple products
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file.
network
low complexity
libtiff netapp fedoraproject debian CWE-369
6.5
6.5
2022-06-28 CVE-2022-2231 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim fedoraproject
5.5
5.5
2022-06-28 CVE-2022-31052 Synapse is an open source home server implementation for the Matrix chat network.
network
low complexity
matrix fedoraproject
6.5
6.5
2022-06-27 CVE-2022-2208 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
local
low complexity
vim fedoraproject
5.5
5.5
2022-06-24 CVE-2022-32209 Cross-site Scripting vulnerability in multiple products
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden.
network
low complexity
rubyonrails fedoraproject debian CWE-79
6.1
6.1
2022-06-23 CVE-2022-29526 Improper Privilege Management vulnerability in multiple products
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment.
network
low complexity
golang fedoraproject netapp CWE-269
5.3
5.3
2022-06-23 CVE-2022-33068 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
local
low complexity
harfbuzz-project fedoraproject CWE-190
5.5
5.5
2022-06-23 CVE-2022-33070 Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c.
local
low complexity
protobuf-c-project fedoraproject
5.5
5.5