Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-28 CVE-2022-2231 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
local
low complexity
vim fedoraproject
5.5
5.5
2022-06-28 CVE-2022-31052 Synapse is an open source home server implementation for the Matrix chat network.
network
low complexity
matrix fedoraproject
6.5
6.5
2022-06-27 CVE-2022-2208 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
local
low complexity
vim fedoraproject
5.5
5.5
2022-06-24 CVE-2022-32209 Cross-site Scripting vulnerability in multiple products
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden.
network
low complexity
rubyonrails fedoraproject debian CWE-79
6.1
6.1
2022-06-23 CVE-2022-29526 Improper Privilege Management vulnerability in multiple products
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment.
network
low complexity
golang fedoraproject netapp CWE-269
5.3
5.3
2022-06-23 CVE-2022-33068 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
local
low complexity
harfbuzz-project fedoraproject CWE-190
5.5
5.5
2022-06-23 CVE-2022-33070 Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c.
local
low complexity
protobuf-c-project fedoraproject
5.5
5.5
2022-06-16 CVE-2022-2085 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory.
local
low complexity
artifex fedoraproject CWE-476
5.5
5.5
2022-06-15 CVE-2022-21166 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
5.5
2022-06-15 CVE-2022-21123 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
xen fedoraproject intel vmware debian CWE-459
5.5
5.5