Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2022-42331 x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late.
local
low complexity
xen fedoraproject
5.5
2023-03-21 CVE-2022-42334 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place.
local
low complexity
xen debian fedoraproject CWE-770
6.5
2023-03-07 CVE-2023-1264 NULL Pointer Dereference vulnerability in multiple products
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
local
low complexity
vim fedoraproject CWE-476
5.5
2023-03-06 CVE-2021-20251 Race Condition vulnerability in multiple products
A flaw was found in samba.
network
high complexity
samba fedoraproject CWE-362
5.9
2023-02-27 CVE-2023-1055 Improper Certificate Validation vulnerability in multiple products
A flaw was found in RHDS 11 and RHDS 12.
local
low complexity
redhat fedoraproject CWE-295
5.5
2023-02-02 CVE-2022-3560 Improper Privilege Management vulnerability in multiple products
A flaw was found in pesign.
5.5
2023-01-27 CVE-2022-4285 NULL Pointer Dereference vulnerability in multiple products
An illegal memory access flaw was found in the binutils package.
local
low complexity
gnu fedoraproject redhat CWE-476
5.5
2023-01-17 CVE-2018-14628 Missing Authorization vulnerability in multiple products
An information leak vulnerability was discovered in Samba's LDAP server.
network
low complexity
samba fedoraproject CWE-862
4.3
2023-01-17 CVE-2023-22298 Open Redirect vulnerability in multiple products
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
network
low complexity
pgadmin fedoraproject CWE-601
6.1
2023-01-14 CVE-2023-23589 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
network
low complexity
torproject debian fedoraproject
6.5