Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 19 of 264
CVE-2023-6879 | CRITICAL | CVSS 9.8 | CWE-20 | v38 v39 | 2023-12-27
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().
nvd
CVE-2023-51767 | HIGH | CVSS 7.0 | v39 | 2023-12-24
OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this
nvd
CVE-2023-7101 | HIGH | CVSS 7.8 | KEV | CWE-95 | v38 v39 | 2023-12-24
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-styl
nvd
CVE-2023-51766 | MEDIUM | CVSS 5.3 | CWE-345 | v38 v39 | 2023-12-24
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
nvd
CVE-2023-51764 | MEDIUM | CVSS 5.3 | CWE-345 | v38 v39 | 2023-12-24
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass
nvd
CVE-2023-6546 | HIGH | CVSS 7.0 | CWE-366 | v39 | 2023-12-21
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to
nvd
CVE-2023-7024 | HIGH | CVSS 8.8 | KEV | CWE-787 | v38 v39 | 2023-12-21
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-4255 | MEDIUM | CVSS 5.5 | CWE-787 | v39 | 2023-12-21
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
nvd
CVE-2023-4256 | MEDIUM | CVSS 5.5 | CWE-415 | v39 | 2023-12-21
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
nvd
CVE-2023-6918 | MEDIUM | CVSS 5.3 | CWE-252 | v38 v39 | 2023-12-19
A flaw was found in libssh's abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case,
nvd
CVE-2023-47038 | HIGH | CVSS 7.8 | CWE-122 | v39 | 2023-12-18
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
nvd
CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | CWE-354 | v38 v39 | 2023-12-18
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
nvd
CVE-2023-6702 | HIGH | CVSS 8.8 | CWE-843 | v38 | 2023-12-14
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-5764 | HIGH | CVSS 7.8 | CWE-1336 | v38 v39 | 2023-12-12
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
nvd
CVE-2023-46219 | MEDIUM | CVSS 5.3 | CWE-311 | v38 | 2023-12-12
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
nvd
CVE-2023-6185 | HIGH | CVSS 8.8 | v38 | 2023-12-11
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.
In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are inst
nvd
CVE-2023-6186 | HIGH | CVSS 8.8 | CWE-281 | v38 | 2023-12-11
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning.
In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
nvd
CVE-2023-6679 | MEDIUM | CVSS 5.5 | CWE-476 | v38 | 2023-12-11
A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service.
nvd
CVE-2023-45866 | MEDIUM | CVSS 6.3 | v38 v39 | 2023-12-08
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ub
nvd
CVE-2023-6622 | MEDIUM | CVSS 5.5 | CWE-476 | v38 v39 | 2023-12-08
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service.
nvd