Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2024-24246 | MEDIUM | CVSS 5.5 | CWE-787 | v38, v39, +1 more | 2024-02-29
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
nvd
CVE-2024-27285 | MEDIUM | CVSS 6.1 | CWE-79 | v38 | 2024-02-28
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
nvd
CVE-2024-27507 | HIGH | CVSS 7.5 | CWE-401 | v38, v39, +1 more | 2024-02-27
libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.
nvd
CVE-2024-25711 | HIGH | CVSS 7.5 | CWE-22 | v39 | 2024-02-27
diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.
nvd
CVE-2024-23836 | HIGH | CVSS 7.5 | CWE-770 | v38, v39 | 2024-02-26
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability i
nvd
CVE-2024-23837 | HIGH | CVSS 7.5 | CWE-770 | v38, v39 | 2024-02-26
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.
nvd
CVE-2024-23839 | HIGH | CVSS 8.1 | CWE-416 | v38, v39 | 2024-02-26
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid
nvd
CVE-2024-1622 | HIGH | CVSS 7.5 | CWE-253 | v38, v39, +1 more | 2024-02-26
Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.
nvd
CVE-2024-23835 | HIGH | CVSS 7.5 | CWE-400 | v38, v39 | 2024-02-26
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app layer parser.
nvd
CVE-2024-24568 | MEDIUM | CVSS 5.3 | CWE-284 | v38, v39 | 2024-02-26
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
nvd
CVE-2024-25082 | MEDIUM | CVSS 6.5 | CWE-77 | v40 | 2024-02-26
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
nvd
CVE-2024-25081 | MEDIUM | CVSS 4.2 | CWE-77 | v40 | 2024-02-26
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
nvd
CVE-2024-21501 | MEDIUM | CVSS 5.3 | CWE-200 | v39, v40 | 2024-02-24
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the
nvd
CVE-2024-27319 | CRITICAL | CVSS 9.1 | CWE-125 | v39, v40 | 2024-02-23
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
nvd
CVE-2024-27318 | HIGH | CVSS 7.5 | v39, v40 | 2024-02-23
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.
nvd
CVE-2024-25629 | MEDIUM | CVSS 5.5 | CWE-127 | v38, v39, +1 more | 2024-02-23
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character
nvd
CVE-2023-3966 | HIGH | CVSS 7.5 | CWE-248 | v39, v40 | 2024-02-22
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
nvd
CVE-2023-52160 | MEDIUM | CVSS 6.5 | CWE-287 | v38, v39 | 2024-02-22
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
nvd
CVE-2024-1670 | HIGH | CVSS 8.8 | CWE-416 | v38, v39 | 2024-02-21
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-1675 | HIGH | CVSS 8.8 | CWE-284 | v38, v39 | 2024-02-21
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
nvd