Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-30	CVE-2023-26117	Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. network low complexity angularjs fedoraproject	5.3
2023-03-30	CVE-2023-26118	Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. network low complexity angularjs fedoraproject	5.3
2023-03-28	CVE-2023-28447	Cross-site Scripting vulnerability in multiple products Smarty is a template engine for PHP. network low complexity smarty fedoraproject CWE-79	6.1
2023-03-27	CVE-2023-1073	Out-of-bounds Write vulnerability in multiple products A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. low complexity linux redhat fedoraproject CWE-787	6.6
2023-03-23	CVE-2023-28336	Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. network low complexity moodle fedoraproject CWE-668	4.3
2023-03-23	CVE-2023-1289	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. local low complexity imagemagick fedoraproject redhat CWE-20	5.5
2023-03-23	CVE-2023-1544	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. local low complexity qemu fedoraproject CWE-770	6.3
2023-03-22	CVE-2023-28439	Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. network low complexity ckeditor fedoraproject CWE-79	6.1
2023-03-21	CVE-2022-42331	x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. local low complexity xen fedoraproject	5.5
2023-03-21	CVE-2022-42334	Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. local low complexity xen debian fedoraproject CWE-770	6.5