Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2023-34241 [HIGH] CVSS 7.1 | CWE-416 | v37, v38 | 2023-06-22
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts
nvd
CVE-2023-2828 [HIGH] CVSS 7.5 | CWE-770 | v37, v38 | 2023-06-21
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available
nvd
CVE-2023-2911 [HIGH] CVSS 7.5 | CWE-787 | v37, v38 | 2023-06-21
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15
nvd
CVE-2023-34475 [MEDIUM] CVSS 5.5 | CWE-416 | v37, v38 | 2023-06-16
A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
nvd
CVE-2023-3195 [MEDIUM] CVSS 5.5 | CWE-121 | v37, v38 | 2023-06-16
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
nvd
CVE-2023-2431 [MEDIUM] CVSS 5.5 | CWE-1287 | v38 | 2023-06-16
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use the localhost type for the seccomp profile but specify an empty profile field are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
nvd
CVE-2023-34474 [MEDIUM] CVSS 5.5 | CWE-122 | v37, v38 | 2023-06-16
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
nvd
CVE-2023-30631 [HIGH] CVSS 7.5 | CWE-20 | v37, v38 | 2023-06-14
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.
nvd
CVE-2023-3216 [HIGH] CVSS 8.8 | CWE-843 | v38 | 2023-06-13
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3217 [HIGH] CVSS 8.8 | CWE-416 | v38 | 2023-06-13
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-3214 [HIGH] CVSS 8.8 | CWE-416 | v38 | 2023-06-13
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
nvd
CVE-2023-3215 [HIGH] CVSS 8.8 | CWE-416 | v38 | 2023-06-13
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-20867 [LOW] CVSS 3.9 | KEV | CWE-287 | v37, v38, +1 more | 2023-06-13
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
nvd
CVE-2023-3161 [MEDIUM] CVSS 5.5 | CWE-1335 | v38 | 2023-06-12
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
nvd
CVE-2023-2454 [HIGH] CVSS 7.2 | CWE-20 | v38 | 2023-06-09
schema_element defeats protective search_path changes. It was found that certain database calls in PostgreSQL could permit an authenticated attacker with elevated database-level privileges to execute arbitrary code.
nvd
CVE-2023-32732 [MEDIUM] CVSS 5.3 | CWE-440 | v37, v38 | 2023-06-09
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/3
nvd
CVE-2023-2455 [MEDIUM] CVSS 5.4 | CWE-20 | v38 | 2023-06-09
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is plan
nvd
CVE-2023-29404 [CRITICAL] CVSS 9.8 | CWE-94 | v38 | 2023-06-08
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrect
nvd
CVE-2023-29402 [CRITICAL] CVSS 9.8 | CWE-94 | v38 | 2023-06-08
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not aff
nvd
CVE-2023-29405 [CRITICAL] CVSS 9.8 | CWE-74 | v38 | 2023-06-08
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed fla
nvd