Fedoraproject Fedora vulnerabilities

CVE-2024-3833 [HIGH] CWE-374 CVE-2024-3833: Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker t Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-4234 [HIGH] CWE-119 CVE-2023-4234: A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered with A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it

CVE-2024-3914 [MEDIUM] CWE-416 CVE-2024-3914: Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentiall Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-3847 [MEDIUM] CWE-79 CVE-2024-3847: Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote at Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

CVE-2024-3841 [MEDIUM] CWE-79 CVE-2024-3841: Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a r Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)

CVE-2024-3846 [MEDIUM] CVE-2024-3846: Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote att Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2024-3845 [MEDIUM] CWE-358 CVE-2024-3845: Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote at Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

CVE-2024-3843 [MEDIUM] CWE-290 CVE-2024-3843: Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote a Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2024-3844 [MEDIUM] CWE-358 CVE-2024-3844: Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

CVE-2024-31585 [MEDIUM] CWE-193 CVE-2024-31585: FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilt FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVE-2022-24805 [HIGH] CWE-120 CVE-2022-24805: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials

CVE-2022-24810 [HIGH] CWE-476 CVE-2022-24810: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those

CVE-2022-24809 [MEDIUM] CWE-476 CVE-2022-24809: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credenti

CVE-2022-24808 [MEDIUM] CWE-476 CVE-2022-24808: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing

CVE-2022-24806 [MEDIUM] CWE-20 CVE-2022-24806: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avo

CVE-2024-21096 [MEDIUM] CWE-829 CVE-2024-21096: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this

CVE-2022-24807 [MEDIUM] CWE-120 CVE-2022-24807: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable` can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 c

CVE-2024-3772 [HIGH] CWE-1333 CVE-2024-3772: Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

CVE-2024-31497 [MEDIUM] CWE-338 CVE-2024-31497: In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly rea

CVE-2023-49528 [HIGH] CWE-122 CVE-2023-49528: Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execu Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.