Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2022-4904 Improper Input Validation vulnerability in multiple products
A flaw was found in the c-ares package.
network
low complexity
c-ares-project redhat fedoraproject CWE-20
8.6
2023-03-01 CVE-2023-1127 Divide By Zero vulnerability in multiple products
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
local
low complexity
vim fedoraproject CWE-369
7.8
2023-02-28 CVE-2023-27320 Double Free vulnerability in multiple products
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
network
low complexity
sudo-project fedoraproject CWE-415
7.2
2023-02-23 CVE-2023-23916 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms.
network
low complexity
haxx fedoraproject debian CWE-770
7.5
2023-02-20 CVE-2023-26081 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
network
low complexity
gnome fedoraproject CWE-668
7.5
2023-02-04 CVE-2023-25193 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
network
low complexity
harfbuzz-project fedoraproject CWE-770
7.5
2023-01-20 CVE-2022-47021 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.
local
low complexity
xiph fedoraproject CWE-476
7.8
2023-01-18 CVE-2023-22809 Improper Privilege Management vulnerability in multiple products
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.
local
low complexity
sudo-project debian fedoraproject CWE-269
7.8
2023-01-17 CVE-2022-47318 ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product.
network
low complexity
ruby-git-project debian fedoraproject
8.0
2023-01-10 CVE-2022-4379 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel.
network
low complexity
linux fedoraproject CWE-416
7.5