Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV (actively exploited): 84
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 18 of 264
CVE-2024-0567 | HIGH | CVSS 7.5 | v38, v39 | 2024-01-16
CWE-347: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
nvd
CVE-2024-0517 | HIGH | CVSS 8.8 | v38, v39 | 2024-01-16
CWE-787: Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0232 | MEDIUM | CVSS 5.5 | v39 | 2024-01-16
CWE-416: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
nvd
CVE-2023-4001 | MEDIUM | CVSS 6.8 | v38, v39 | 2024-01-15
CWE-290: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boo
nvd
CVE-2024-23301 | MEDIUM | CVSS 5.5 | v39 | 2024-01-12
CWE-276: Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
nvd
CVE-2024-0443 | MEDIUM | CVSS 5.5 | v39 | 2024-01-12
CWE-402: A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs
nvd
CVE-2023-41056 | HIGH | CVSS 8.1 | v38, v39 | 2024-01-10
CWE-190: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
nvd
CVE-2024-0333 | MEDIUM | CVSS 5.3 | v38, v39 | 2024-01-10
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5455 | MEDIUM | CVSS 6.5 | v38, v39 +1 more | 2024-01-10
CWE-352: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certai
nvd
CVE-2021-3600 | HIGH | CVSS 7.8 | v34 | 2024-01-08
CWE-125: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
nvd
CVE-2024-0225 | HIGH | CVSS 8.8 | v38, v39 | 2024-01-04
CWE-416: Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0222 | HIGH | CVSS 8.8 | v38, v39 | 2024-01-04
CWE-416: Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-6270 | HIGH | CVSS 7.0 | v39 | 2024-01-04
CWE-416: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential cod
nvd
CVE-2024-0223 | HIGH | CVSS 8.8 | v38, v39 | 2024-01-04
CWE-787: Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-0224 | HIGH | CVSS 8.8 | v38, v39 | 2024-01-04
CWE-416: Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-22049 | MEDIUM | CVSS 5.3 | v38, v39 | 2024-01-04
CWE-472: httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
nvd
CVE-2023-6004 | MEDIUM | CVSS 4.8 | v38 | 2024-01-03
CWE-74: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
nvd
CVE-2024-0217 | LOW | CVSS 3.3 | v39 | 2024-01-03
CWE-416: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered
nvd
CVE-2023-6693 | MEDIUM | CVSS 5.3 | v39 | 2024-01-02
CWE-121: A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the
nvd
CVE-2023-7104 | HIGH | CVSS 7.3 | v38, v39 | 2023-12-29
CWE-122: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of thi
nvd