Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-01-27 CVE-2022-4285 NULL Pointer Dereference vulnerability in multiple products
An illegal memory access flaw was found in the binutils package.
local
low complexity
gnu fedoraproject redhat CWE-476
5.5
2023-01-20 CVE-2022-47021 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
local
low complexity
xiph fedoraproject CWE-476
7.8
2023-01-18 CVE-2023-22809 Improper Privilege Management vulnerability in multiple products
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.
local
low complexity
sudo-project debian fedoraproject CWE-269
7.8
2023-01-17 CVE-2018-14628 Missing Authorization vulnerability in multiple products
An information leak vulnerability was discovered in Samba's LDAP server.
network
low complexity
samba fedoraproject CWE-862
4.3
2023-01-17 CVE-2022-47318 ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product.
network
low complexity
ruby-git-project debian fedoraproject
8.0
2023-01-17 CVE-2023-22298 Open Redirect vulnerability in multiple products
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
network
low complexity
pgadmin fedoraproject CWE-601
6.1
2023-01-14 CVE-2023-23589 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
network
low complexity
torproject debian fedoraproject
6.5
2023-01-12 CVE-2023-23456 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file.
local
low complexity
upx-project fedoraproject CWE-787
5.5
2023-01-12 CVE-2023-23457 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp.
local
low complexity
upx-project fedoraproject CWE-119
5.5
2023-01-12 CVE-2022-3437 Heap-based Buffer Overflow vulnerability in multiple products
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal.
network
low complexity
samba fedoraproject CWE-122
6.5