Fedoraproject Fedora vulnerabilities

CVE-2024-27834 [MEDIUM] CWE-277 CVE-2024-27834: The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPa The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

CVE-2024-32020 [LOW] CWE-281 CVE-2024-32020: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritt

CVE-2024-4558 [CRITICAL] CWE-416 CVE-2024-4558: Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potent Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-34397 [MEDIUM] CWE-290 CVE-2024-34397: An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDB An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by

CVE-2024-4559 [MEDIUM] CWE-787 CVE-2024-4559: Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-34069 [HIGH] CWE-352 CVE-2024-34069: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkz Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it

CVE-2024-34064 [MEDIUM] CVE-2024-34064: Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders t

CVE-2024-34502 [CRITICAL] CWE-352 CVE-2024-34502: An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41 An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token.

CVE-2024-34506 [HIGH] CWE-400 CVE-2024-34506: An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

CVE-2024-34507 [HIGH] CWE-80 CVE-2024-34507: An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1 An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

CVE-2024-34500 [MEDIUM] CWE-79 CVE-2024-34500: An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class.

CVE-2024-34402 [HIGH] CWE-190 CVE-2024-34402: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

CVE-2024-34403 [MEDIUM] CWE-190 CVE-2024-34403: An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an inte An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

CVE-2024-4215 [HIGH] CWE-89 CVE-2024-4215: pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA e

CVE-2024-4140 [HIGH] CWE-770 CVE-2024-4140: An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.

CVE-2024-4216 [MEDIUM] CWE-79 CVE-2024-4216: pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This v pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.

CVE-2023-47212 [CRITICAL] CWE-190 CVE-2023-47212: A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.2 A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-4058 [HIGH] CWE-843 CVE-2024-4058: Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potenti Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2024-26988 [HIGH] CWE-787 CVE-2024-26988: In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential stat In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extra_command_line and command_line, rather than extra_command_line and boot_

CVE-2024-27000 [HIGH] CVE-2024-27000: In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board. [ 85.119255] ------------[ cut her