Fedoraproject Fedora vulnerabilities

CVE-2023-1823 [MEDIUM] CVE-2023-1823: Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attac Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1821 [MEDIUM] CVE-2023-1821: Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote at Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1817 [MEDIUM] CVE-2023-1817: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowe Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-36440 [HIGH] CWE-617 CVE-2022-36440: A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

CVE-2023-26916 [MEDIUM] CWE-476 CVE-2023-26916: libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the functi libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.

CVE-2023-1611 [MEDIUM] CWE-416 CVE-2023-1611: A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kerne A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea

CVE-2023-29141 [CRITICAL] CWE-444 CVE-2023-29141: An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

CVE-2023-28756 [MEDIUM] CWE-1333 CVE-2023-28756: A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time par A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.

CVE-2023-28755 [MEDIUM] CWE-1333 CVE-2023-28755: A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI pars A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.

CVE-2023-27533 [HIGH] CWE-75 CVE-2023-27533: A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protoc A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This v

CVE-2023-27534 [HIGH] CWE-22 CVE-2023-27534: A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) charac A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbi

CVE-2023-1393 [HIGH] CWE-416 CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escala A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

CVE-2023-27538 [MEDIUM] CWE-305 CVE-2023-27538: An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previousl An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two

CVE-2023-27535 [MEDIUM] CWE-305 CVE-2023-27535: An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_

CVE-2023-26118 [MEDIUM] CWE-1333 CVE-2023-26118: Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (R Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

CVE-2023-27536 [MEDIUM] CWE-305 CVE-2023-27536: An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which c An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result

CVE-2023-26116 [MEDIUM] CWE-1333 CVE-2023-26116: Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ( Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

CVE-2023-26117 [MEDIUM] CWE-1333 CVE-2023-26117: Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (R Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

CVE-2023-0664 [HIGH] CWE-250 CVE-2023-0664: A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.

CVE-2023-28447 [MEDIUM] CWE-79 CVE-2023-28447: Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unautho