Vulnerabilities > Fedoraproject > Fedora > 38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2022-42333 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 8.6 |
| 2023-03-21 | CVE-2022-42334 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 6.5 |
| 2023-03-07 | CVE-2023-1264 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | 5.5 |
| 2023-03-03 | CVE-2022-4645 | Out-of-bounds Read vulnerability in multiple products LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. | 5.5 |
| 2023-03-02 | CVE-2023-25358 | Use After Free vulnerability in multiple products A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 |
| 2023-02-28 | CVE-2022-41727 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. | 5.5 |
| 2023-02-28 | CVE-2023-27320 | Double Free vulnerability in multiple products Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 |
| 2023-02-27 | CVE-2023-1055 | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
| 2023-02-17 | CVE-2023-24329 | Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 |
| 2023-02-15 | CVE-2023-0361 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | 7.4 |