Fedoraproject Fedora vulnerabilities

CVE-2024-25979 [MEDIUM] CWE-233 CVE-2024-25979: The URL parameters accepted by forum search were not limited to the allowed parameters. The URL parameters accepted by forum search were not limited to the allowed parameters.

CVE-2024-25981 [MEDIUM] CWE-284 CVE-2024-25981: Separate Groups mode restrictions were not honored when performing a forum export, which would expor Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.

CVE-2024-25980 [MEDIUM] CWE-284 CVE-2024-25980: Separate Groups mode restrictions were not honored in the H5P attempts report, which would display u Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

CVE-2024-25983 [MEDIUM] CWE-639 CVE-2024-25983: Insufficient checks in a web service made it possible to add comments to the comments block on anoth Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

CVE-2023-50387 [HIGH] CWE-770 CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an al

CVE-2023-50868 [HIGH] CWE-400 CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iter

CVE-2023-5679 [HIGH] CWE-617 CVE-2023-5679: A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVE-2023-4408 [HIGH] CWE-407 CVE-2023-4408: The DNS message parsing code in `named` includes a section whose computational complexity is overly The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This i

CVE-2024-24814 [HIGH] CWE-400 CVE-2024-24814: mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal securit

CVE-2023-5517 [HIGH] CWE-617 CVE-2023-5517: A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.1

CVE-2023-52429 [MEDIUM] CWE-754 CVE-2023-52429: dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_ dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

CVE-2023-6681 [MEDIUM] CWE-400 CVE-2023-6681: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (Do A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

CVE-2024-1062 [MEDIUM] CWE-122 CVE-2024-1062: A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

CVE-2024-1454 [LOW] CWE-416 CVE-2024-1454: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in t The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted res

CVE-2024-1151 [MEDIUM] CWE-121 CVE-2024-1151: A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.

CVE-2024-0229 [HIGH] CWE-787 CVE-2024-0229: An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.

CVE-2024-1312 [MEDIUM] CWE-416 CVE-2024-1312: A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins t A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.

CVE-2024-1283 [CRITICAL] CWE-787 CVE-2024-1283: Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to p Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-1284 [CRITICAL] CWE-416 CVE-2024-1284: Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potenti Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-20290 [HIGH] CWE-126 CVE-2024-20290: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote atta A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability