Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2023-3354 | HIGH | CVSS 7.5 | v38 | 2023-07-11
CWE-476. A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL poi
nvd
CVE-2023-33170 | HIGH | CVSS 8.1 | v37, v38 | 2023-07-11
CWE-362. ASP.NET and Visual Studio Security Feature Bypass Vulnerability
nvd
CVE-2023-36824 | HIGH | CVSS 8.8 | v37, v38 | 2023-07-11
CWE-122. Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a s
nvd
CVE-2023-3269 | HIGH | CVSS 7.8 | v37, v38 | 2023-07-11
CWE-416. A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
nvd
CVE-2023-1672 | MEDIUM | CVSS 5.3 | v38 | 2023-07-11
CWE-362. A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
nvd
CVE-2023-34432 | HIGH | CVSS 7.8 | v38 | 2023-07-10
CWE-122. A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
nvd
CVE-2023-34318 | HIGH | CVSS 7.8 | v38 | 2023-07-10
CWE-122. A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
nvd
CVE-2023-32627 | MEDIUM | CVSS 5.5 | v38 | 2023-07-10
CWE-1077. A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
nvd
CVE-2023-1183 | MEDIUM | CVSS 5.5 | v38 | 2023-07-10
CWE-20. A flaw was found in the LibreOffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
nvd
CVE-2023-26590 | MEDIUM | CVSS 5.5 | v38 | 2023-07-10
CWE-1077. A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
nvd
CVE-2023-35934 | HIGH | CVSS 8.2 | v37, v38 | 2023-07-06
CWE-200. yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 20
nvd
CVE-2023-31248 | HIGH | CVSS 7.8 | v37, v38 | 2023-07-05
CWE-416. Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
nvd
CVE-2023-35001 | HIGH | CVSS 7.8 | v37, v38 | 2023-07-05
CWE-787. Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
nvd
CVE-2023-36053 | HIGH | CVSS 7.5 | v37, v38 | 2023-07-03
CWE-1333. In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
nvd
CVE-2023-30589 | HIGH | CVSS 7.5 | v37, v38 | 2023-07-01
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impa
nvd
CVE-2023-1206 | MEDIUM | CVSS 5.7 | v38 | 2023-06-30
CWE-400. A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%.
nvd
CVE-2023-3432 | CRITICAL | CVSS 10.0 | v39 | 2023-06-27
CWE-918. Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.
nvd
CVE-2023-3431 | MEDIUM | CVSS 5.3 | v39 | 2023-06-27
CWE-284. Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.
nvd
CVE-2023-36664 | HIGH | CVSS 7.8 | v37, v38 | 2023-06-25
CWE-552. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
nvd
CVE-2023-3212 | MEDIUM | CVSS 4.4 | v38 | 2023-06-23
CWE-476. A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
nvd