Vulnerabilities > Fedoraproject > Fedora > 38

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-08	CVE-2023-0003	Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. network low complexity paloaltonetworks fedoraproject CWE-610	6.5
2023-02-03	CVE-2023-25136	Double Free vulnerability in multiple products OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. network high complexity openbsd fedoraproject netapp CWE-415	6.5
2023-01-30	CVE-2022-48303	Out-of-bounds Read vulnerability in multiple products GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. local low complexity gnu fedoraproject CWE-125	5.5
2022-12-08	CVE-2022-41717	Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. network low complexity golang fedoraproject CWE-770	5.3
2022-12-06	CVE-2022-24439	Improper Input Validation vulnerability in multiple products All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. network low complexity gitpython-project fedoraproject debian CWE-20 critical	9.8
2022-11-12	CVE-2022-45188	Out-of-bounds Write vulnerability in multiple products Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. local low complexity netatalk debian fedoraproject CWE-787	7.8
2022-03-25	CVE-2022-22995	Link Following vulnerability in multiple products The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. network low complexity westerndigital fedoraproject netatalk CWE-59 critical	9.8
2022-03-10	CVE-2022-0856	Divide By Zero vulnerability in multiple products libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service network low complexity libcaca-project fedoraproject CWE-369	6.5
2022-02-24	CVE-2022-24599	Memory Leak vulnerability in multiple products In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. network low complexity audio-file-library-project debian fedoraproject CWE-401	6.5
2019-12-18	CVE-2018-1311	Use After Free vulnerability in multiple products The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. network high complexity apache redhat debian oracle fedoraproject CWE-416	8.1