Fedoraproject Fedora vulnerabilities

CVE-2024-34161 [MEDIUM] CWE-416 CVE-2024-34161: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastruc When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

CVE-2024-35200 [MEDIUM] CWE-476 CVE-2024-35200: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 reques When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

CVE-2024-31079 [MEDIUM] CWE-121 CVE-2024-31079: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 reques When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.

CVE-2024-32760 [MEDIUM] CWE-787 CVE-2024-32760: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encode When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

CVE-2024-5274 [CRITICAL] CWE-843 CVE-2024-5274: Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute a Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2024-5157 [HIGH] CWE-416 CVE-2024-5157: Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to ex Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2024-5158 [HIGH] CWE-843 CVE-2024-5158: Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentiall Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CVE-2024-5159 [HIGH] CWE-125 CVE-2024-5159: Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to p Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVE-2024-5160 [HIGH] CWE-787 CVE-2024-5160: Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to pe Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVE-2024-35949 [HIGH] CWE-787 CVE-2024-35949: In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN i In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checki

CVE-2024-35947 [MEDIUM] CVE-2024-35947: In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >cont In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.

CVE-2024-36048 [CRITICAL] CWE-335 CVE-2024-36048: QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6. QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

CVE-2024-31142 [HIGH] CWE-693 CVE-2024-31142: Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properl Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html

CVE-2023-46842 [MEDIUM] CWE-843 CVE-2023-46842: Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in parti Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose

CVE-2024-4947 [CRITICAL] CWE-843 CVE-2024-4947: Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute ar Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2024-4948 [MEDIUM] CWE-416 CVE-2024-4948: Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentia Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-4949 [MEDIUM] CWE-416 CVE-2024-4949: Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentiall Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2024-4950 [MEDIUM] CWE-1021 CVE-2024-4950: Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote a Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2024-34340 [CRITICAL] CWE-287 CVE-2024-34340: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Ca Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is

CVE-2024-4671 [CRITICAL] CWE-416 CVE-2024-4671: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)