Fedoraproject Fedora vulnerabilities

CVE-2023-29403 [HIGH] CWE-668 CVE-2023-29403: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/s On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result

CVE-2023-34969 [MEDIUM] CWE-404 CVE-2023-34969: D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user w D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstance

CVE-2023-2603 [HIGH] CWE-190 CVE-2023-2603: A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.

CVE-2023-33460 [MEDIUM] CWE-401 CVE-2023-33460: There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-me There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

CVE-2023-2602 [LOW] CWE-401 CVE-2023-2602: A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicio A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.

CVE-2023-3079 [HIGH] CWE-843 CVE-2023-3079: Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potential Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-34410 [MEDIUM] CWE-295 CVE-2023-34410: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.

CVE-2023-34152 [CRITICAL] CWE-20 CVE-2023-34152: A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerabi A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

CVE-2023-34153 [HIGH] CWE-77 CVE-2023-34153: A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulner A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

CVE-2023-34151 [MEDIUM] CVE-2023-34151: A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of ca A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

CVE-2023-22970 [HIGH] CVE-2023-22970: Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.

CVE-2023-32681 [MEDIUM] CWE-200 CVE-2023-32681: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization head Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the head

CVE-2023-2283 [MEDIUM] CWE-287 CVE-2023-2283: A vulnerability was found in libssh, where the authentication check of the connecting client can be A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and

CVE-2023-1981 [MEDIUM] CWE-400 CVE-2023-1981: A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

CVE-2023-1667 [MEDIUM] CWE-476 CVE-2023-1667: A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.

CVE-2023-28321 [MEDIUM] CWE-295 CVE-2023-28321: An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports match An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would mat

CVE-2023-28322 [LOW] CWE-200 CVE-2023-28322: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surp

CVE-2023-32067 [HIGH] CWE-400 CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target r c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched i

CVE-2023-31130 [MEDIUM] CWE-124 CVE-2023-31130: c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). How

CVE-2023-31147 [MEDIUM] CWE-330 CVE-2023-31147: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-a c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation an