Fedoraproject Fedora vulnerabilities

CVE-2023-43788 [MEDIUM] CWE-125 CVE-2023-43788: A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuff A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.

CVE-2023-45129 [MEDIUM] CWE-770 CVE-2023-45129: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Pri Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affect

CVE-2023-43786 [MEDIUM] CWE-400 CVE-2023-43786: A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.

CVE-2023-43785 [MEDIUM] CWE-787 CVE-2023-43785: A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() functio A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.

CVE-2023-43641 [HIGH] CWE-787 CVE-2023-43641: libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And

CVE-2023-39189 [MEDIUM] CWE-125 CVE-2023-39189: A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

CVE-2023-39193 [MEDIUM] CWE-125 CVE-2023-39193: A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

CVE-2023-39192 [MEDIUM] CWE-125 CVE-2023-39192: A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.

CVE-2023-39194 [MEDIUM] CWE-125 CVE-2023-39194: A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the proc A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.

CVE-2023-43615 [HIGH] CWE-120 CVE-2023-43615: Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

CVE-2023-45239 [CRITICAL] CWE-790 CVE-2023-45239: A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth c A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.

CVE-2023-39928 [HIGH] CWE-416 CVE-2023-39928: A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A special A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.

CVE-2023-5346 [HIGH] CWE-843 CVE-2023-5346: Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potential Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-39323 [HIGH] CVE-2023-39323: Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowin Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploitin

CVE-2023-42754 [MEDIUM] CWE-476 CVE-2023-42754: A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) wa A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

CVE-2023-5441 [MEDIUM] CWE-476 CVE-2023-5441: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8 NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

CVE-2023-43804 [HIGH] CWE-200 CVE-2023-43804: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP h urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if tha

CVE-2023-39191 [HIGH] CWE-20 CVE-2023-39191: An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occ An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.

CVE-2023-4911 [HIGH] CWE-122 CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE-2023-5345 [HIGH] CWE-416 CVE-2023-5345: A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to ach A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.