Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2023-28336 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
network
low complexity
moodle fedoraproject CWE-668
4.3
4.3
2023-03-23 CVE-2023-1289 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault.
local
low complexity
imagemagick fedoraproject redhat CWE-20
5.5
5.5
2023-03-23 CVE-2023-1544 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device.
local
low complexity
qemu fedoraproject CWE-770
6.3
6.3
2023-03-22 CVE-2023-28439 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor fedoraproject CWE-79
6.1
6.1
2023-03-21 CVE-2022-42331 x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late.
local
low complexity
xen fedoraproject
5.5
5.5
2023-03-21 CVE-2022-42334 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place.
local
low complexity
xen debian fedoraproject CWE-770
6.5
6.5
2023-03-07 CVE-2023-1264 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
local
low complexity
vim fedoraproject
5.5
5.5
2023-03-06 CVE-2021-20251 Race Condition vulnerability in multiple products
A flaw was found in samba.
network
high complexity
samba fedoraproject CWE-362
5.9
5.9
2023-03-03 CVE-2022-4645 Out-of-bounds Read vulnerability in multiple products
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file.
local
low complexity
fedoraproject libtiff CWE-125
5.5
5.5
2023-02-28 CVE-2022-41727 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig.
local
low complexity
golang fedoraproject CWE-770
5.5
5.5