Vulnerabilities > Fedoraproject > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-21 | CVE-2022-42331 | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. | 5.5 |
2023-03-21 | CVE-2022-42334 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. | 6.5 |
2023-03-07 | CVE-2023-1264 | NULL Pointer Dereference vulnerability in multiple products NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | 5.5 |
2023-03-06 | CVE-2021-20251 | Race Condition vulnerability in multiple products A flaw was found in samba. | 5.9 |
2023-02-27 | CVE-2023-1055 | Improper Certificate Validation vulnerability in multiple products A flaw was found in RHDS 11 and RHDS 12. | 5.5 |
2023-02-02 | CVE-2022-3560 | Improper Privilege Management vulnerability in multiple products A flaw was found in pesign. | 5.5 |
2023-01-27 | CVE-2022-4285 | NULL Pointer Dereference vulnerability in multiple products An illegal memory access flaw was found in the binutils package. | 5.5 |
2023-01-17 | CVE-2018-14628 | Missing Authorization vulnerability in multiple products An information leak vulnerability was discovered in Samba's LDAP server. | 4.3 |
2023-01-17 | CVE-2023-22298 | Open Redirect vulnerability in multiple products Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | 6.1 |
2023-01-14 | CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 6.5 |