Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2023-25136 | Double Free vulnerability in multiple products OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. | 6.5 |
| 2023-02-02 | CVE-2022-3560 | Path Traversal vulnerability in multiple products A flaw was found in pesign. | 5.5 |
| 2023-01-30 | CVE-2022-48303 | Out-of-bounds Read vulnerability in multiple products GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. | 5.5 |
| 2023-01-27 | CVE-2022-4285 | An illegal memory access flaw was found in the binutils package. | 5.5 |
| 2023-01-17 | CVE-2018-14628 | Missing Authorization vulnerability in multiple products An information leak vulnerability was discovered in Samba's LDAP server. | 4.3 |
| 2023-01-17 | CVE-2023-22298 | Open Redirect vulnerability in multiple products Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | 6.1 |
| 2023-01-14 | CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 6.5 |
| 2023-01-12 | CVE-2023-23456 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. | 5.5 |
| 2023-01-12 | CVE-2023-23457 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. | 5.5 |
| 2023-01-12 | CVE-2022-3437 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. | 6.5 |