Fedora Project Fedora
By the Year
In 2023 there have been 469 vulnerabilities in Fedora Project Fedora with an average score of 6.7 out of ten. Last year, Fedora had 973 security vulnerabilities published. Right now, Fedora is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.38.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 469 | 6.74 |
2022 | 973 | 7.13 |
2021 | 1147 | 7.11 |
2020 | 841 | 6.83 |
2019 | 625 | 7.10 |
2018 | 70 | 7.22 |
It may take a day or so for new Fedora vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Fedora Project Fedora Security Vulnerabilities
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199
CVE-2023-6348
8.8 - High
- November 29, 2023
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in libavif in Google Chrome prior to 119.0.6045.199
CVE-2023-6351
8.8 - High
- November 29, 2023
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Dangling pointer
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199
CVE-2023-6345
9.6 - Critical
- November 29, 2023
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Integer Overflow or Wraparound
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199
CVE-2023-6346
8.8 - High
- November 29, 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Mojo in Google Chrome prior to 119.0.6045.199
CVE-2023-6347
8.8 - High
- November 29, 2023
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in libavif in Google Chrome prior to 119.0.6045.199
CVE-2023-6350
8.8 - High
- November 29, 2023
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Dangling pointer
A vulnerability was found
CVE-2023-5981
5.9 - Medium
- November 28, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Side Channel Attack
An out-of-memory flaw was found in libtiff
CVE-2023-6277
6.5 - Medium
- November 24, 2023
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB.
Resource Exhaustion
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel
CVE-2023-5972
7.8 - High
- November 23, 2023
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
NULL Pointer Dereference
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel
CVE-2023-6238
7.8 - High
- November 21, 2023
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. An unprivileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.
Classic Buffer Overflow
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-5341
5.5 - Medium
- November 19, 2023
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
Dangling pointer
Vim is an open source command line text editor
CVE-2023-48232
4.3 - Medium
- November 16, 2023
Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vim is an open source command line text editor
CVE-2023-48233
4.3 - Medium
- November 16, 2023
Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vim is an open source command line text editor
CVE-2023-48234
4.3 - Medium
- November 16, 2023
Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vim is an open source command line text editor
CVE-2023-48235
4.3 - Medium
- November 16, 2023
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vim is an open source command line text editor
CVE-2023-48236
4.3 - Medium
- November 16, 2023
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vim is an open source command line text editor
CVE-2023-48237
4.3 - Medium
- November 16, 2023
Vim is an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of an integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A security issue was discovered in Kubernetes where a user
CVE-2023-5528
8.8 - High
- November 14, 2023
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6
CVE-2023-46849
7.5 - High
- November 11, 2023
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Divide By Zero
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour
CVE-2023-46850
9.8 - Critical
- November 11, 2023
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Dangling pointer
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity
CVE-2023-5543
3.3 - Low
- November 09, 2023
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users
CVE-2023-5551
3.3 - Low
- November 09, 2023
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
In a shared hosting environment
CVE-2023-5550
9.8 - Critical
- November 09, 2023
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
A remote code execution risk was identified in the IMSCP activity
CVE-2023-5540
8.8 - High
- November 09, 2023
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
Code Injection
Students in "Only see own membership" groups could see other students in the group
CVE-2023-5542
4.3 - Medium
- November 09, 2023
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Exposure of Resource to Wrong Sphere
H5P metadata automatically populated the author with the user's username
CVE-2023-5545
5.3 - Medium
- November 09, 2023
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
Exposure of Resource to Wrong Sphere
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVE-2023-5548
5.3 - Medium
- November 09, 2023
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
Insufficient Verification of Data Authenticity
Insufficient web service capability checks made it possible to move categories a user had permission to manage
CVE-2023-5549
5.3 - Medium
- November 09, 2023
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
Improper Privilege Management
A race condition was found in the QXL driver in the Linux kernel
CVE-2023-39198
6.4 - Medium
- November 09, 2023
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
Dangling pointer
A remote code execution risk was identified in the Lesson activity
CVE-2023-5539
8.8 - High
- November 09, 2023
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Code Injection
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVE-2023-5544
5.4 - Medium
- November 09, 2023
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
XSS
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVE-2023-5546
5.4 - Medium
- November 09, 2023
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
XSS
The course upload preview contained an XSS risk for users uploading unsafe data.
CVE-2023-5547
6.1 - Medium
- November 09, 2023
The course upload preview contained an XSS risk for users uploading unsafe data.
XSS
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123
CVE-2023-5996
8.8 - High
- November 08, 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory
CVE-2023-3961
9.8 - Critical
- November 03, 2023
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, a client could send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
Directory traversal
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel
CVE-2023-1194
8.1 - High
- November 03, 2023
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
Out-of-bounds Read
A flaw was found in Samba
CVE-2023-42670
6.5 - Medium
- November 03, 2023
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.
A vulnerability was discovered in Samba, where the flaw
CVE-2023-4091
6.5 - Medium
- November 03, 2023
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Incorrect Default Permissions
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack
CVE-2023-41164
7.5 - High
- November 03, 2023
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
Improper Validation of Specified Quantity in Input
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack
CVE-2023-43665
7.5 - High
- November 03, 2023
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
Improper Validation of Specified Quantity in Input
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10
CVE-2023-41914
7 - High
- November 03, 2023
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
Race Condition
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105
CVE-2023-5480
6.1 - Medium
- November 01, 2023
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
XSS
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105
CVE-2023-5482
8.8 - High
- November 01, 2023
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Insufficient Verification of Data Authenticity
Integer overflow in USB in Google Chrome prior to 119.0.6045.105
CVE-2023-5849
8.8 - High
- November 01, 2023
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Integer Overflow or Wraparound
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5850
4.3 - Medium
- November 01, 2023
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5851
4.3 - Medium
- November 01, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Origin Validation Error
Use after free in Printing in Google Chrome prior to 119.0.6045.105
CVE-2023-5852
8.8 - High
- November 01, 2023
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5853
4.3 - Medium
- November 01, 2023
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Origin Validation Error
Use after free in Profiles in Google Chrome prior to 119.0.6045.105
CVE-2023-5854
8.8 - High
- November 01, 2023
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105
CVE-2023-5855
8.8 - High
- November 01, 2023
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105
CVE-2023-5856
8.8 - High
- November 01, 2023
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5857
8.8 - High
- November 01, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105
CVE-2023-5858
4.3 - Medium
- November 01, 2023
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Origin Validation Error
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105
CVE-2023-5859
4.3 - Medium
- November 01, 2023
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
Origin Validation Error
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick
CVE-2023-5349
3.3 - Low
- October 30, 2023
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.
Memory Leak
A use-after-free flaw was found in the xorg-x11-server
CVE-2023-5380
4.7 - Medium
- October 25, 2023
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Dangling pointer
An out-of-bounds write flaw was found in the xorg-x11-server
CVE-2023-5367
7.8 - High
- October 25, 2023
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Memory Corruption
Use after free in Profiles in Google Chrome prior to 118.0.5993.117
CVE-2023-5472
8.8 - High
- October 25, 2023
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
CVE-2023-31122
7.5 - High
- October 23, 2023
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
Out-of-bounds Read
When an HTTP/2 stream was reset (RST frame) by a client
CVE-2023-45802
5.9 - Medium
- October 23, 2023
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability of hitting this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Resource Exhaustion
Redis is an in-memory database that persists on disk
CVE-2023-45145
3.6 - Low
- October 18, 2023
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Exposure of Resource to Wrong Sphere
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects
CVE-2023-39332
9.8 - Critical
- October 18, 2023
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Directory traversal
urllib3 is a user-friendly HTTP client library for Python
CVE-2023-45803
4.2 - Medium
- October 17, 2023
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 changed the request's method from one that could accept a request body (like `POST`) to `GET`, as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections, and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON), and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer, or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects (`redirects=False`), or disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Information Disclosure
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server:
CVE-2023-39456
7.5 - High
- October 17, 2023
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
Improper Input Validation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server:
CVE-2023-41752
7.5 - High
- October 17, 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
Information Disclosure
A vulnerability was found in libXpm due to a boundary condition; a local user
CVE-2023-43789
5.5 - Medium
- October 12, 2023
A vulnerability was found in libXpm due to a boundary condition; a local user can trigger an out-of-bounds read error and read the contents of memory on the system.
Out-of-bounds Read
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70
CVE-2023-5218
8.8 - High
- October 11, 2023
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70
CVE-2023-5475
6.5 - Medium
- October 11, 2023
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70
CVE-2023-5484
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70
CVE-2023-5487
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption
CVE-2023-39325
7.5 - High
- October 11, 2023
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Resource Exhaustion
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
CVE-2023-5535
7.8 - High
- October 11, 2023
Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Dangling pointer
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform
CVE-2023-37536
8.8 - High
- October 11, 2023
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
Integer Overflow or Wraparound
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation
CVE-2023-45129
4.9 - Medium
- October 10, 2023
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
Allocation of Resources Without Limits or Throttling
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function
CVE-2023-43788
5.5 - Medium
- October 10, 2023
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
Out-of-bounds Read
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function
CVE-2023-43785
5.5 - Medium
- October 10, 2023
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
Out-of-bounds Read
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function
CVE-2023-43787
7.8 - High
- October 10, 2023
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
Integer Overflow or Wraparound
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function
CVE-2023-43786
5.5 - Medium
- October 10, 2023
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
Infinite Loop
libcue provides an API for parsing and extracting data from CUE sheets
CVE-2023-43641
8.8 - High
- October 09, 2023
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
Memory Corruption
A flaw was found in the Netfilter subsystem in the Linux kernel
CVE-2023-39189
6 - Medium
- October 09, 2023
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Out-of-bounds Read
A flaw was found in the XFRM subsystem in the Linux kernel
CVE-2023-39194
4.4 - Medium
- October 09, 2023
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.
Out-of-bounds Read
A flaw was found in the Netfilter subsystem in the Linux kernel
CVE-2023-39193
6 - Medium
- October 09, 2023
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Out-of-bounds Read
A flaw was found in the Netfilter subsystem in the Linux kernel
CVE-2023-39192
6 - Medium
- October 09, 2023
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Out-of-bounds Read
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2023-43615
7.5 - High
- October 07, 2023
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
Classic Buffer Overflow
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled
CVE-2023-45239
9.8 - Critical
- October 06, 2023
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5
CVE-2023-39928
8.8 - High
- October 06, 2023
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability.
Dangling pointer
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives
CVE-2023-39323
9.8 - Critical
- October 05, 2023
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
CVE-2023-5441
5.5 - Medium
- October 05, 2023
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
NULL Pointer Dereference
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c
CVE-2023-41175
6.5 - Medium
- October 05, 2023
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Integer Overflow or Wraparound
LibTIFF is vulnerable to an integer overflow
CVE-2023-40745
6.5 - Medium
- October 05, 2023
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Integer Overflow or Wraparound
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack
CVE-2023-42754
5.5 - Medium
- October 05, 2023
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
NULL Pointer Dereference
Type confusion in V8 in Google Chrome prior to 117.0.5938.149
CVE-2023-5346
8.8 - High
- October 05, 2023
Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick
CVE-2023-3428
5.5 - Medium
- October 04, 2023
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
Memory Corruption
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel
CVE-2023-39191
8.2 - High
- October 04, 2023
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
A memory leak flaw was found in Libtiff's tiffcrop utility
CVE-2023-3576
5.5 - Medium
- October 04, 2023
A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash and eventually leading to a denial of service.
Memory Leak
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable
CVE-2023-4911
7.8 - High
- October 03, 2023
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Memory Corruption
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation
CVE-2023-5345
7.8 - High
- October 03, 2023
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.
Dangling pointer
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVE-2023-5344
7.5 - High
- October 02, 2023
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Heap-based Buffer Overflow
VP9 in libvpx before 1.13.1 mishandles widths
CVE-2023-44488
7.5 - High
- September 30, 2023
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Improper Handling of Exceptional Conditions