Fedoraproject Fedora vulnerabilities

CVE-2023-38545 [CRITICAL] CWE-787 CVE-2023-38545: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to loca

CVE-2023-38552 [HIGH] CWE-345 CVE-2023-38552: When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the a When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active

CVE-2023-5631 [MEDIUM] CWE-79 CVE-2023-5631: Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e- Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

CVE-2023-45145 [LOW] CWE-668 CVE-2023-45145: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix s Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. Thi

CVE-2023-41752 [HIGH] CWE-200 CVE-2023-41752: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.Th Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.

CVE-2023-39456 [HIGH] CWE-20 CVE-2023-39456: Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This i Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.

CVE-2023-45803 [MEDIUM] CWE-200 CVE-2023-45803: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HT urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified

CVE-2023-22084 [MEDIUM] CVE-2023-22084: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in un

CVE-2023-39999 [MEDIUM] CWE-200 CVE-2023-39999: Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 thr

CVE-2023-43789 [MEDIUM] CWE-125 CVE-2023-43789: A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a loca A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.

CVE-2023-45143 [LOW] CWE-200 CVE-2023-45143: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici alrea Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles hea

CVE-2023-5535 [HIGH] CWE-416 CVE-2023-5535: Use After Free in GitHub repository vim/vim prior to v9.0.2010. Use After Free in GitHub repository vim/vim prior to v9.0.2010.

CVE-2023-37536 [HIGH] CWE-190 CVE-2023-37536: An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-b An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

CVE-2023-39325 [HIGH] CWE-770 CVE-2023-39325: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause exces A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. Wit

CVE-2023-5218 [HIGH] CWE-416 CVE-2023-5218: Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker t Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2023-5484 [MEDIUM] CVE-2023-5484: Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-5475 [MEDIUM] CVE-2023-5475: Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE-2023-5487 [MEDIUM] CVE-2023-5487: Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attack Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-43787 [HIGH] CWE-122 CVE-2023-43787: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. T A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.