Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-22 | CVE-2023-28439 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 6.1 |
| 2023-03-21 | CVE-2022-42331 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. | 5.5 |
| 2023-03-21 | CVE-2022-42334 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 6.5 |
| 2023-03-07 | CVE-2023-1264 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | 5.5 |
| 2023-03-06 | CVE-2021-20251 | Race Condition vulnerability in multiple products A flaw was found in samba. | 5.9 |
| 2023-02-28 | CVE-2022-41727 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. | 5.5 |
| 2023-02-27 | CVE-2023-1055 | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
| 2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. | 6.5 |
| 2023-02-08 | CVE-2023-0003 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. | 6.5 |
| 2023-02-03 | CVE-2023-25136 | Double Free vulnerability in multiple products OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. | 6.5 |