Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV (actively exploited): 84
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2023-0494 | HIGH | CVSS 7.8 | v36, v37 | 2023-03-27
CWE-416: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding s
nvd
CVE-2023-0179 | HIGH | CVSS 7.8 | v36, v37 | 2023-03-27
CWE-190: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
nvd
CVE-2023-1073 | MEDIUM | CVSS 6.6 | v37 | 2023-03-27
CWE-119: A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
nvd
CVE-2021-3923 | LOW | CVSS 2.3 | v37 | 2023-03-27
CWE-200: A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechani
nvd
CVE-2023-28686 | HIGH | CVSS 7.1 | v36, v37, +1 more | 2023-03-24
CWE-639: Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
nvd
CVE-2023-28333 | CRITICAL | CVSS 9.8 | v36 | 2023-03-23
CWE-94: The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
nvd
CVE-2023-0056 | MEDIUM | CVSS 6.5 | v36, v37 | 2023-03-23
CWE-400: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
nvd
CVE-2023-28336 | MEDIUM | CVSS 4.3 | v36 | 2023-03-23
CWE-200: Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
nvd
CVE-2023-1289 | MEDIUM | CVSS 5.5 | v36, v37 | 2023-03-23
CWE-20: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot o
nvd
CVE-2023-1544 | MEDIUM | CVSS 6.3 | v37 | 2023-03-23
CWE-125: A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
nvd
CVE-2023-1513 | LOW | CVSS 3.3 | v37 | 2023-03-23
CWE-665: A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
nvd
CVE-2023-28439 | MEDIUM | CVSS 6.1 | v37, v38, +1 more | 2023-03-22
CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Poli
nvd
CVE-2023-1529 | CRITICAL | CVSS 9.8 | v36, v37, +1 more | 2023-03-21
CWE-787: Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
nvd
CVE-2023-1533 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-03-21
CWE-416: Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1531 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-03-21
CWE-416: Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1528 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-03-21
CWE-416: Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1530 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-03-21
CWE-416: Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-1532 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-03-21
CWE-125: Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2022-42332 | HIGH | CVSS 7.8 | v37, v38 | 2023-03-21
CWE-416: x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests,
nvd
CVE-2023-1534 | HIGH | CVSS 8.8 | v36, v37, +1 more | 2023-03-21
CWE-125: Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd