Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2023-2194 | MEDIUM | CVSS 6.7 | v38 | 2023-04-20
CWE-787: An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve cod
nvd
CVE-2023-2136 | CRITICAL | CVSS 9.6 | KEV | v36, v37, +1 more | 2023-04-19
CWE-190: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2134 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-04-19
CWE-787: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2137 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-04-19
CWE-787: Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
nvd
CVE-2023-2135 | HIGH | CVSS 7.5 | v36, v37, +1 more | 2023-04-19
CWE-416: Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-2133 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-04-19
CWE-787: Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-27043 | MEDIUM | CVSS 5.3 | v38, v39 | 2023-04-19
CWE-20: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a speci
nvd
CVE-2023-21911 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause
nvd
CVE-2023-21919 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to c
nvd
CVE-2023-21962 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthoriz
nvd
CVE-2023-21953 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-21929 | MEDIUM | CVSS 5.5 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to c
nvd
CVE-2023-21955 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-21933 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to c
nvd
CVE-2023-21945 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-21940 | MEDIUM | CVSS 4.4 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthor
nvd
CVE-2023-28856 | MEDIUM | CVSS 6.5 | v36, v37, +1 more | 2023-04-18
CWE-20: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this i
nvd
CVE-2023-21935 | MEDIUM | CVSS 4.9 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2023-21947 | MEDIUM | CVSS 4.4 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthor
nvd
CVE-2023-21946 | MEDIUM | CVSS 6.5 | v37, v38, +1 more | 2023-04-18
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability
nvd