Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 28 of 264
CVE-2023-4904 | MEDIUM | CVSS 4.3 | v37, v38, +1 more | 2023-09-12
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
Source: nvd
CVE-2023-4903 | MEDIUM | CVSS 4.3 | v37, v38, +1 more | 2023-09-12
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Source: nvd
CVE-2023-4907 | MEDIUM | CVSS 4.3 | v37, v38, +1 more | 2023-09-12
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Source: nvd
CVE-2023-40032 | MEDIUM | CWE-476 | CVSS 5.5 | v39 | 2023-09-11
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.
Source: nvd
CVE-2023-41915 | HIGH | CWE-362 | CVSS 8.1 | v37, v38, +1 more | 2023-09-09
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
Source: nvd
CVE-2023-39511 | MEDIUM | CWE-79 | CVSS 4.8 | v37, v38 | 2023-09-06
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's b
Source: nvd
CVE-2023-39361 | CRITICAL | CWE-89 | CVSS 9.8 | PoC | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attac
Source: nvd
CVE-2023-39358 | HIGH | CWE-89 | CVSS 8.8 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `
Source: nvd
CVE-2023-39357 | HIGH | CWE-20 | CVSS 8.8 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple S
Source: nvd
CVE-2023-4762 | HIGH | CWE-843 | CVSS 8.8 | KEV | v37, v38, +1 more | 2023-09-05
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2023-39359 | HIGH | CWE-89 | CVSS 8.8 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `
Source: nvd
CVE-2023-39362 | HIGH | CWE-78 | CVSS 7.2 | PoC | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions,
Source: nvd
CVE-2023-41909 | HIGH | CWE-476 | CVSS 7.5 | v37, v38, +1 more | 2023-09-05
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.
Source: nvd
CVE-2023-4761 | HIGH | CWE-125 | CVSS 8.1 | v37, v38, +1 more | 2023-09-05
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Source: nvd
CVE-2023-39515 | MEDIUM | CWE-79 | CVSS 4.8 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at
Source: nvd
CVE-2023-39513 | MEDIUM | CWE-79 | CVSS 5.4 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's b
Source: nvd
CVE-2023-30534 | MEDIUM | CWE-502 | CVSS 4.3 | PoC | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti's vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Eac
Source: nvd
CVE-2023-39360 | MEDIUM | CWE-79 | CVSS 6.1 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_bu
Source: nvd
CVE-2023-39510 | MEDIUM | CWE-79 | CVSS 4.8 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser
Source: nvd
CVE-2023-39514 | MEDIUM | CWE-79 | CVSS 5.4 | v37, v38 | 2023-09-05
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's b
Source: nvd