Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 34 of 264
CVE-2023-34968 | MEDIUM | CVSS 5.3 | v37 v38 | 2023-07-20
CWE-201: A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
nvd
CVE-2023-3347 | MEDIUM | CVSS 5.9 | v38 | 2023-07-20
CWE-347: A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the net
nvd
CVE-2023-3674 | LOW | CVSS 2.8 | v38 | 2023-07-19
CWE-1283: A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
nvd
CVE-2023-22005 | MEDIUM | CVSS 4.4 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ab
nvd
CVE-2023-22046 | MEDIUM | CVSS 4.9 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-22054 | MEDIUM | CVSS 4.9 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-22058 | MEDIUM | CVSS 4.4 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to
nvd
CVE-2023-0160 | MEDIUM | CVSS 5.5 | v38 | 2023-07-18
CWE-833: A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
nvd
CVE-2023-22056 | MEDIUM | CVSS 4.9 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-22057 | MEDIUM | CVSS 4.9 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
nvd
CVE-2023-22008 | MEDIUM | CVSS 4.9 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause
nvd
CVE-2023-22033 | MEDIUM | CVSS 4.4 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to caus
nvd
CVE-2023-22053 | MEDIUM | CVSS 5.9 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in
nvd
CVE-2023-22048 | LOW | CVSS 3.1 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized rea
nvd
CVE-2023-22038 | LOW | CVSS 2.7 | v37 v38 +1 more | 2023-07-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorize
nvd
CVE-2023-38403 | HIGH | CVSS 7.5 | v37 v38 | 2023-07-17
CWE-190: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
nvd
CVE-2023-38252 | MEDIUM | CVSS 5.5 | v38 | 2023-07-14
CWE-125: An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
nvd
CVE-2023-38253 | MEDIUM | CVSS 5.5 | v38 | 2023-07-14
CWE-125: An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
nvd
CVE-2022-24834 | HIGH | CVSS 8.8 | v37 v38 | 2023-07-13
CWE-122: Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and au
nvd
CVE-2023-3106 | HIGH | CVSS 7.8 | v38 | 2023-07-12
CWE-476: A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message (sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cann
nvd