Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-27 CVE-2023-1055 Improper Certificate Validation vulnerability in multiple products
A flaw was found in RHDS 11 and RHDS 12.
local
low complexity
redhat fedoraproject CWE-295
5.5
5.5
2023-02-23 CVE-2023-23916 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms.
network
low complexity
haxx fedoraproject debian netapp splunk CWE-770
6.5
6.5
2023-02-08 CVE-2023-0003 Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
network
low complexity
paloaltonetworks fedoraproject CWE-610
6.5
6.5
2023-02-03 CVE-2023-25136 Double Free vulnerability in multiple products
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling.
network
high complexity
openbsd fedoraproject netapp CWE-415
6.5
6.5
2023-02-02 CVE-2022-3560 Path Traversal vulnerability in multiple products
A flaw was found in pesign.
local
low complexity
pesign-project fedoraproject redhat CWE-22
5.5
5.5
2023-01-30 CVE-2022-48303 Out-of-bounds Read vulnerability in multiple products
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.
local
low complexity
gnu fedoraproject CWE-125
5.5
5.5
2023-01-27 CVE-2022-4285 An illegal memory access flaw was found in the binutils package.
local
low complexity
gnu fedoraproject redhat
5.5
5.5
2023-01-17 CVE-2018-14628 Missing Authorization vulnerability in multiple products
An information leak vulnerability was discovered in Samba's LDAP server.
network
low complexity
samba fedoraproject CWE-862
4.3
4.3
2023-01-17 CVE-2023-22298 Open Redirect vulnerability in multiple products
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
network
low complexity
pgadmin fedoraproject CWE-601
6.1
6.1
2023-01-14 CVE-2023-23589 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
network
low complexity
torproject debian fedoraproject
6.5
6.5