Fedoraproject Fedora vulnerabilities

CVE-2024-32021 [HIGH] CVE-2024-32021: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over t

CVE-2024-4761 [HIGH] CWE-787 CVE-2024-4761: Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perf Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVE-2024-32004 [HIGH] CWE-114 CVE-2024-32004: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround

CVE-2024-27401 [HIGH] CVE-2024-27401: In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_len In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length, packet_buffer_get will now return 0 to signify to the user that no data were read

CVE-2024-25641 [HIGH] CWE-20 CVE-2024-25641: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_pa

CVE-2024-31445 [HIGH] CWE-89 CVE-2024-31445: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` li

CVE-2024-4854 [HIGH] CWE-835 CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6. MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

CVE-2024-32465 [HIGH] CVE-2024-32465: Git is a revision control system. The Git project recommends to avoid working in untrusted repositor Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the contex

CVE-2024-31458 [HIGH] CWE-89 CVE-2024-31458: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, so Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulti

CVE-2024-27398 [HIGH] CWE-416 CVE-2024-27398: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free b In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock will be deallocated later, but it is dereferenced ag

CVE-2024-31459 [HIGH] CWE-98 CVE-2024-31459: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, th Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which r

CVE-2024-31460 [HIGH] CWE-89 CVE-2024-31460: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, so Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based second

CVE-2024-31444 [MEDIUM] CWE-79 CVE-2024-31444: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, so Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-s

CVE-2024-27399 [MEDIUM] CWE-476 CVE-2024-27399: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr- In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be set to null. But the conn could be dereferenced again in the mutex_loc

CVE-2024-31443 [MEDIUM] CWE-79 CVE-2024-31443: Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of th Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 c

CVE-2024-3044 [MEDIUM] CWE-356 CVE-2024-3044: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an at Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

CVE-2024-29894 [MEDIUM] CVE-2024-29894: Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out o

CVE-2024-27400 [MEDIUM] CVE-2024-27400: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the c In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not available any more. Some fixes were suggested, but essentially w

CVE-2024-4853 [MEDIUM] CWE-762 CVE-2024-4853: Memory handling issue in editcap could cause denial of service via crafted capture file Memory handling issue in editcap could cause denial of service via crafted capture file

CVE-2024-4855 [MEDIUM] CWE-416 CVE-2024-4855: Use after free issue in editcap could cause denial of service via crafted capture file Use after free issue in editcap could cause denial of service via crafted capture file