Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2023-29483 [HIGH] | CVSS 7.0 | CWE-292 | v38, v39, +1 more | 2024-04-11
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, withi
nvd
CVE-2024-3157 [CRITICAL] | CVSS 9.6 | CWE-787 | v38, v39, +1 more | 2024-04-10
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)
nvd
CVE-2024-31309 [HIGH] | CVSS 7.5 | CWE-20 | v38, v39, +1 more | 2024-04-10
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memor
nvd
CVE-2023-2794 [HIGH] | CVSS 8.1 | CWE-119 | v39, v40 | 2024-04-10
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was fo
nvd
CVE-2024-3515 [MEDIUM] | CVSS 6.5 | CWE-416 | v38, v39, +1 more | 2024-04-10
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-3516 [MEDIUM] | CVSS 6.5 | CWE-787 | v38, v39, +1 more | 2024-04-10
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-24576 [CRITICAL] | CVSS 10.0 | CWE-78 | v38, v39, +1 more | 2024-04-09
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbi
nvd
CVE-2024-3116 [CRITICAL] | CVSS 9.8 | CWE-77 | PoC | v39 | 2024-04-04
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
nvd
CVE-2024-27316 [HIGH] | CVSS 7.5 | CWE-770 | v38, v39, +1 more | 2024-04-04
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
nvd
CVE-2023-38709 [HIGH] | CVSS 7.3 | CWE-1284 | v38, v39, +1 more | 2024-04-04
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
nvd
CVE-2024-24795 [MEDIUM] | CVSS 6.3 | CWE-113 | v38, v39, +1 more | 2024-04-04
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.
nvd
CVE-2024-28182 [MEDIUM] | CVSS 5.3 | CWE-770 | v38, v39, +1 more | 2024-04-04
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by
nvd
CVE-2024-30260 [MEDIUM] | CVSS 4.3 | CWE-285 | v38, v39, +1 more | 2024-04-04
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
nvd
CVE-2024-30261 [LOW] | CVSS 3.5 | CWE-284 | v38, v39, +1 more | 2024-04-04
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
nvd
CVE-2024-3209 [CRITICAL] | CVSS 9.8 | CWE-122 | v38, v39, +1 more | 2024-04-02
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted earl
nvd
CVE-2024-28960 [HIGH] | CVSS 8.2 | CWE-284 | v38, v39, +1 more | 2024-03-29
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
nvd
CVE-2024-2398 [HIGH] | CVSS 8.6 | CWE-772 | v39, v40 | 2024-03-27
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silen
nvd
CVE-2024-2004 [LOW] | CVSS 3.5 | CWE-436 | v39, v40 | 2024-03-27
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.s
nvd
CVE-2024-2887 [HIGH] | CVSS 7.7 | CWE-843 | v38, v39, +1 more | 2024-03-26
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-2885 [HIGH] | CVSS 8.8 | CWE-416 | v38, v39, +1 more | 2024-03-26
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd