Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2023-02-02 CVE-2022-3560 Path Traversal vulnerability in multiple products
A flaw was found in pesign.
local
low complexity
pesign-project fedoraproject redhat CWE-22
5.5
5.5
2023-01-30 CVE-2022-48303 Out-of-bounds Read vulnerability in multiple products
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.
local
low complexity
gnu fedoraproject CWE-125
5.5
5.5
2023-01-27 CVE-2022-4285 An illegal memory access flaw was found in the binutils package.
local
low complexity
gnu fedoraproject redhat
5.5
5.5
2023-01-20 CVE-2022-47021 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
local
low complexity
xiph fedoraproject CWE-476
7.8
7.8
2023-01-18 CVE-2023-22809 Improper Privilege Management vulnerability in multiple products
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. 		7.8
7.8
2023-01-17 CVE-2018-14628 An information leak vulnerability was discovered in Samba's LDAP server.
network
low complexity
samba fedoraproject
4.3
4.3
2023-01-17 CVE-2022-47318 ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product.
network
low complexity
ruby-git-project debian fedoraproject
8.0
8.0
2023-01-17 CVE-2023-22298 Open Redirect vulnerability in multiple products
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
network
low complexity
pgadmin fedoraproject CWE-601
6.1
6.1
2023-01-14 CVE-2023-23589 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
network
low complexity
torproject debian fedoraproject
6.5
6.5
2023-01-12 CVE-2023-23456 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file.
local
low complexity
upx-project fedoraproject CWE-787
5.5
5.5