Vulnerabilities > Fedoraproject > Fedora > 37
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-30 | CVE-2023-5349 | Memory Leak vulnerability in multiple products A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. | 3.3 |
2023-10-27 | CVE-2023-34058 | Improper Verification of Cryptographic Signature vulnerability in multiple products VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted [Guest Operation Privileges](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged [Guest Alias](https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). | 7.5 |
2023-10-25 | CVE-2023-5367 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write flaw was found in the xorg-x11-server. | 7.8 |
2023-10-25 | CVE-2023-5380 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the xorg-x11-server. | 4.7 |
2023-10-25 | CVE-2023-41983 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The issue was addressed with improved memory handling. | 6.5 |
2023-10-25 | CVE-2023-42852 | A logic issue was addressed with improved checks. | 8.8 |
2023-10-20 | CVE-2023-5686 | Out-of-bounds Write vulnerability in multiple products Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 8.8 |
2023-10-18 | CVE-2023-45145 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Redis is an in-memory database that persists on disk. | 3.6 |
2023-10-18 | CVE-2023-38545 | Out-of-bounds Write vulnerability in multiple products This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. | 9.8 |
2023-10-18 | CVE-2023-38552 | Insufficient Verification of Data Authenticity vulnerability in multiple products When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. | 7.5 |