Fedora Project Extra Packages Enterprise Linux

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation

CVE-2023-6395 9.8 - Critical - January 16, 2024

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c

CVE-2024-0232 5.5 - Medium - January 16, 2024

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

Dangling pointer

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations

CVE-2023-51766 5.3 - Medium - December 24, 2023

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

Insufficient Verification of Data Authenticity

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application

CVE-2023-4255 5.5 - Medium - December 21, 2023

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.

Memory Corruption

Within tcpreplay's tcprewrite

CVE-2023-4256 5.5 - Medium - December 21, 2023

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.

Double-free

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation

CVE-2023-5764 7.8 - High - December 12, 2023

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

CVE-2023-5341 5.5 - Medium - November 19, 2023

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

Dangling pointer

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity

CVE-2023-5543 3.3 - Low - November 09, 2023

When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.

Students in "Only see own membership" groups could see other students in the group

CVE-2023-5542 4.3 - Medium - November 09, 2023

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

Exposure of Resource to Wrong Sphere

A remote code execution risk was identified in the Lesson activity

CVE-2023-5539 8.8 - High - November 09, 2023

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

Code Injection

Insufficient web service capability checks made it possible to move categories a user had permission to manage

CVE-2023-5549 5.3 - Medium - November 09, 2023

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.

Improper Privilege Management

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

CVE-2023-5548 5.3 - Medium - November 09, 2023

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

Insufficient Verification of Data Authenticity

H5P metadata automatically populated the author with the user's username

CVE-2023-5545 5.3 - Medium - November 09, 2023

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

Exposure of Resource to Wrong Sphere

A remote code execution risk was identified in the IMSCP activity

CVE-2023-5540 8.8 - High - November 09, 2023

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

Code Injection

In a shared hosting environment

CVE-2023-5550 9.8 - Critical - November 09, 2023

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users

CVE-2023-5551 3.3 - Low - November 09, 2023

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick

CVE-2023-3428 5.5 - Medium - October 04, 2023

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

Memory Corruption

A vulnerability was found in cri-o

CVE-2022-4318 7.8 - High - September 25, 2023

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.

Improper Control of Dynamically-Managed Code Resources

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c

CVE-2023-38253 5.5 - Medium - July 14, 2023

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Out-of-bounds Read

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c

CVE-2023-38252 5.5 - Medium - July 14, 2023

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Out-of-bounds Read

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16

CVE-2023-34432 7.8 - High - July 10, 2023

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

Memory Corruption

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18

CVE-2023-32627 5.5 - Medium - July 10, 2023

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

Incorrect Comparison

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41

CVE-2023-34318 7.8 - High - July 10, 2023

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

Memory Corruption

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58

CVE-2023-26590 5.5 - Medium - July 10, 2023

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

Incorrect Comparison

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c

CVE-2023-34474 5.5 - Medium - June 16, 2023

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Memory Corruption

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c

CVE-2023-34475 5.5 - Medium - June 16, 2023

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

Dangling pointer

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c

CVE-2023-3195 5.5 - Medium - June 16, 2023

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

Memory Corruption

A vulnerability was found in ImageMagick

CVE-2023-34152 9.8 - Critical - May 30, 2023

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Shell injection

A vulnerability was found in ImageMagick

CVE-2023-34151 5.5 - Medium - May 30, 2023

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

Integer Overflow or Wraparound

A vulnerability was found in ImageMagick

CVE-2023-34153 7.8 - High - May 30, 2023

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

Command Injection

The vulnerability was found Moodle which exists because the application

CVE-2023-30943 5.3 - Medium - May 02, 2023

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.

Externally Controlled Reference to a Resource in Another Sphere

The vulnerability was found Moodle

CVE-2023-30944 7.3 - High - May 02, 2023

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.

SQL Injection

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c

CVE-2023-1906 5.5 - Medium - April 12, 2023

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

Heap-based Buffer Overflow

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service

CVE-2023-0056 6.5 - Medium - March 23, 2023

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.

Resource Exhaustion

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault

CVE-2023-1289 5.5 - Medium - March 23, 2023

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

Improper Input Validation

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker

CVE-2022-4170 9.8 - Critical - December 09, 2022

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU

CVE-2022-4144 6.5 - Medium - November 29, 2022

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

Out-of-bounds Read

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle

CVE-2022-45152 9.1 - Critical - November 25, 2022

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

SSRF

The H5P activity attempts report did not filter by groups

CVE-2022-40316 4.3 - Medium - September 30, 2022

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

AuthZ

A limited SQL injection risk was identified in the "browse list of users" site administration page.

CVE-2022-40315 9.8 - Critical - September 30, 2022

A limited SQL injection risk was identified in the "browse list of users" site administration page.

SQL Injection

Recursive rendering of Mustache template helpers containing user input could

CVE-2022-40313 7.1 - High - September 30, 2022

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

XSS

A heap buffer overflow issue was found in ImageMagick

CVE-2022-3213 5.5 - Medium - September 19, 2022

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Memory Corruption

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

CVE-2022-0367 7.8 - High - August 29, 2022

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

Memory Corruption

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring

CVE-2020-14394 3.2 - Low - August 17, 2022

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Infinite Loop

In ImageMagick

CVE-2022-2719 5.5 - Medium - August 10, 2022

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

assertion failure

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114

CVE-2022-2294 8.8 - High - July 28, 2022

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114

CVE-2022-2296 8.8 - High - July 28, 2022

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

Dangling pointer

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134

CVE-2022-2163 8.8 - High - July 28, 2022

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

Dangling pointer

Type confusion in V8 in Google Chrome prior to 103.0.5060.114

CVE-2022-2295 8.8 - High - July 28, 2022

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Object Type Confusion

Type confusion in V8 in Google Chrome prior to 103.0.5060.53

CVE-2022-2158 8.8 - High - July 28, 2022

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer