Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-31 CVE-2023-28756 A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1.
network
low complexity
ruby-lang debian fedoraproject
5.3
2023-03-30 CVE-2023-27535 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27536 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option.
network
high complexity
haxx fedoraproject debian netapp splunk CWE-287
5.9
2023-03-30 CVE-2023-27538 Improper Authentication vulnerability in multiple products
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse.
5.5
2023-03-30 CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression.
network
low complexity
angularjs fedoraproject
5.3
2023-03-30 CVE-2023-26117 Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression.
network
low complexity
angularjs fedoraproject
5.3
2023-03-30 CVE-2023-26118 Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality.
network
low complexity
angularjs fedoraproject
5.3
2023-03-28 CVE-2023-28447 Cross-site Scripting vulnerability in multiple products
Smarty is a template engine for PHP.
network
low complexity
smarty fedoraproject CWE-79
6.1
2023-03-27 CVE-2023-1073 Out-of-bounds Write vulnerability in multiple products
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device.
6.6
2023-03-23 CVE-2023-0056 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service.
network
low complexity
haproxy redhat fedoraproject CWE-400
6.5