Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-02-08 CVE-2023-0003 Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
network
low complexity
paloaltonetworks fedoraproject CWE-610
6.5
2023-02-07 CVE-2022-46663 In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
network
low complexity
gnu fedoraproject
7.5
2023-02-04 CVE-2023-25193 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
network
low complexity
harfbuzz-project fedoraproject CWE-770
7.5
2023-02-03 CVE-2023-25136 Double Free vulnerability in multiple products
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling.
network
high complexity
openbsd fedoraproject netapp CWE-415
6.5
2023-02-02 CVE-2022-3560 Path Traversal vulnerability in multiple products
A flaw was found in pesign.
local
low complexity
pesign-project fedoraproject redhat CWE-22
5.5
2023-02-01 CVE-2022-4254 sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
network
low complexity
fedoraproject redhat
8.8
2023-01-30 CVE-2022-48303 Out-of-bounds Read vulnerability in multiple products
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.
local
low complexity
gnu fedoraproject CWE-125
5.5
2023-01-27 CVE-2022-4285 An illegal memory access flaw was found in the binutils package.
local
low complexity
gnu fedoraproject redhat
5.5
2023-01-20 CVE-2022-47021 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference issue in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 through 0.12 allows attackers to cause denial of service or other unspecified impacts.
local
low complexity
xiph fedoraproject CWE-476
7.8
2023-01-18 CVE-2023-22809 Improper Privilege Management vulnerability in multiple products
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.
7.8