Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-12 | CVE-2022-3592 | Link Following vulnerability in multiple products A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. | 6.5 |
| 2023-01-12 | CVE-2022-47927 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 5.5 |
| 2023-01-11 | CVE-2023-22945 | Incorrect Authorization vulnerability in multiple products In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | 4.3 |
| 2023-01-10 | CVE-2023-22909 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 5.3 |
| 2023-01-10 | CVE-2023-22911 | Cross-site Scripting vulnerability in multiple products An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. | 6.1 |
| 2022-12-15 | CVE-2022-46392 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. | 5.3 |
| 2022-12-08 | CVE-2022-41717 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. | 5.3 |
| 2022-12-08 | CVE-2022-4122 | A vulnerability was found in buildah. | 5.3 |
| 2022-12-04 | CVE-2022-46391 | Cross-site Scripting vulnerability in multiple products AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. | 6.1 |
| 2022-11-30 | CVE-2022-46149 | Cap'n Proto is a data interchange format and remote procedure call (RPC) system. | 5.4 |