Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2023-03-03 CVE-2022-41862 In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption.
network
high complexity
postgresql fedoraproject redhat
3.7
3.7
2023-03-02 CVE-2023-25358 Use After Free vulnerability in multiple products
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
network
low complexity
webkitgtk fedoraproject CWE-416
8.8
8.8
2023-03-01 CVE-2023-1127 Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
local
low complexity
vim fedoraproject
7.8
7.8
2023-02-28 CVE-2022-41727 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig.
local
low complexity
golang fedoraproject CWE-770
5.5
5.5
2023-02-28 CVE-2023-27320 Double Free vulnerability in multiple products
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
network
low complexity
sudo-project fedoraproject CWE-415
7.2
7.2
2023-02-27 CVE-2023-1055 Improper Certificate Validation vulnerability in multiple products
A flaw was found in RHDS 11 and RHDS 12.
local
low complexity
redhat fedoraproject CWE-295
5.5
5.5
2023-02-23 CVE-2023-23916 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms.
network
low complexity
haxx fedoraproject debian netapp splunk CWE-770
6.5
6.5
2023-02-20 CVE-2023-26081 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
network
low complexity
gnome fedoraproject CWE-668
7.5
7.5
2023-02-17 CVE-2023-24329 Improper Input Validation vulnerability in multiple products
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
network
low complexity
python fedoraproject netapp CWE-20
7.5
7.5
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
7.4