Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2023-22911 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 6.1 |
| 2022-12-15 | CVE-2022-46392 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. | 5.3 |
| 2022-12-08 | CVE-2022-41717 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. | 5.3 |
| 2022-12-08 | CVE-2022-4122 | Link Following vulnerability in multiple products A vulnerability was found in buildah. | 5.3 |
| 2022-12-04 | CVE-2022-46391 | Cross-site Scripting vulnerability in multiple products AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | 6.1 |
| 2022-11-30 | CVE-2022-46149 | Out-of-bounds Read vulnerability in multiple products Cap'n Proto is a data interchange format and remote procedure call (RPC) system. | 5.4 |
| 2022-11-29 | CVE-2022-4144 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. | 6.5 |
| 2022-11-29 | CVE-2022-4172 | Classic Buffer Overflow vulnerability in multiple products An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. | 6.5 |
| 2022-11-28 | CVE-2022-4129 | Improper Locking vulnerability in multiple products A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). | 5.5 |
| 2022-11-25 | CVE-2022-39346 | Resource Exhaustion vulnerability in multiple products Nextcloud server is an open source personal cloud server. | 6.5 |