Fedoraproject Fedora vulnerabilities

CVE-2023-5344 [HIGH] CWE-122 CVE-2023-5344: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

CVE-2023-44488 [HIGH] CWE-755 CVE-2023-44488: VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.

CVE-2023-43655 [HIGH] CWE-74 CVE-2023-43655: Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessibl Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised

CVE-2023-5186 [HIGH] CWE-416 CVE-2023-5186: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who c Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

CVE-2023-5187 [HIGH] CWE-416 CVE-2023-5187: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convin Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-5217 [HIGH] CWE-787 CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-42756 [MEDIUM] CWE-362 CVE-2023-42756: A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.

CVE-2023-5157 [HIGH] CWE-400 CVE-2023-5157: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.

CVE-2023-41074 [HIGH] CVE-2023-41074: The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

CVE-2023-35074 [HIGH] CVE-2023-35074: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, wa The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

CVE-2023-42453 [MEDIUM] CWE-285 CVE-2023-42453: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Use Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, ev

CVE-2023-5169 [MEDIUM] CWE-787 CVE-2023-5169: A compromised content process could have provided malicious data in a `PathRecording` resulting in a A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5171 [MEDIUM] CWE-416 CVE-2023-5171: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allo During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-42822 [MEDIUM] CWE-125 CVE-2023-42822: xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c i xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian plat

CVE-2023-41335 [LOW] CWE-312 CVE-2023-41335: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Whe Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the ex

CVE-2023-4156 [HIGH] CWE-125 CVE-2023-4156: A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.

CVE-2022-4318 [HIGH] CWE-538 CVE-2022-4318: A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/pass A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

CVE-2023-5002 [HIGH] CWE-78 CVE-2023-5002: A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CVE-2023-43090 [MEDIUM] CWE-862 CVE-2023-43090: A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.

CVE-2023-42811 [MEDIUM] CWE-347 CVE-2023-42811: aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to versio aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffe