Fedora Project Fedora

CVE-2023-4134: Use-After-Free in cyttsp4_core Linux Kernel Driver
CVE-2023-4134 5.5 - Medium - November 14, 2024

A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.

Dangling pointer

Podman IPC Namespace Resource Exhaustion DoS via /dev/shm
CVE-2024-3056 7.7 - High - August 02, 2024

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources until it is out-of-memory (OOM) killed. While the malicious container's cgroup will be removed, the IPC resources it created are not. Those resources are tied to the IPC namespace that will not be removed until all containers using it are stopped, and one non-malicious container is holding the namespace open. The malicious container is restarted, either automatically or by attacker control, repeating the process and increasing the amount of memory consumed. With a container configured to restart always, such as `podman run --restart=always`, this can result in a memory-based denial of service of the system.

Resource Exhaustion

Use-After-Free in Dawn in Google Chrome before 126.0.6478.126
CVE-2024-6290 8.8 - High - June 24, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use-after-free in Dawn (Chrome <126.0.6478.126) allows heap corruption
CVE-2024-6293 8.8 - High - June 24, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use-after-free in Chrome <126.0.6478.126 (Dawn) - remote heap corruption
CVE-2024-6292 8.8 - High - June 24, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Chrome Swiftshader Use-After-Free (126.0.6478.126)
CVE-2024-6291 8.8 - High - June 24, 2024

Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Multiple CSRF Risks from Wrong CSRF Token Checks
CVE-2024-38276 8.8 - High - June 18, 2024

Incorrect CSRF token checks resulted in multiple CSRF risks.

Session Riding

Key reuse across QR & auto-login flows (CVE-2024-38277)
CVE-2024-38277 - June 18, 2024

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

Calendar Event Deletion Stored XSS due to insufficient title escaping
CVE-2024-38274 - June 18, 2024

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

CVE-2024-38273: Access Control Bypass via Bad Cap Checks in BigBlueButton URLs
CVE-2024-38273 - June 18, 2024

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Chrome V8 OOB Write <126.0.6478.54 Type Confusion
CVE-2024-5830 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

UAF in Chrome Dawn (pre-126.0.6478.54)
CVE-2024-5831 8.8 - High - June 11, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use-After-Free in Chrome Dawn (v<126.0.6478.54) Remote Heap Exploit
CVE-2024-5832 8.8 - High - June 11, 2024

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Chrome V8 Type Confusion <126.0.6478.54 OOB
CVE-2024-5833 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Remote Code Execution via HTML in Chrome<126.0.6478.54 (CVE-2024-5834)
CVE-2024-5834 8.8 - High - June 11, 2024

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Use after free in PDFium PDF viewer in Chrome <126.0.6478.54
CVE-2024-5847 8.8 - High - June 11, 2024

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Dangling pointer

UAF in PDFium of Google Chrome <=126.0.6478.54
CVE-2024-5846 8.8 - High - June 11, 2024

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Dangling pointer

Use After Free in Chrome Audio (PDF) <126.0.6478.54
CVE-2024-5845 8.8 - High - June 11, 2024

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Dangling pointer

Chrome <126.0.6478.54: Heap Buffer Overflow in Tab Strip via HTML
CVE-2024-5844 8.8 - High - June 11, 2024

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Memory Corruption

Google Chrome <126.0.6478.54: Downloads UI Obfuscation Vulnerability
CVE-2024-5843 6.5 - Medium - June 11, 2024

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)

Use-after-free in Chrome Browser UI (prior to 126.0.6478.54)
CVE-2024-5842 8.8 - High - June 11, 2024

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use-After-Free in V8 of Chromium <126.0.6478.54
CVE-2024-5841 8.8 - High - June 11, 2024

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

CORS Policy Bypass in Chrome <126.0.6478.54
CVE-2024-5840 6.5 - Medium - June 11, 2024

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Chrome <=126.0.6478.54 Heap Corrupt via Mem Alloc | CVE-2024-5839
CVE-2024-5839 6.5 - Medium - June 11, 2024

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Out-of-Bounds Memory Access via Type Confusion in V8 (Google Chrome <126.0.6478.54)
CVE-2024-5838 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Chrome V8 Type Confusion via Crafted Page (V<126.0.6478.54)
CVE-2024-5837 8.8 - High - June 11, 2024

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Chrome DevTools CVE-2024-5836: Inappropriate Extension Exec Pre-126.0.6478.54
CVE-2024-5836 8.8 - High - June 11, 2024

Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

Heap overflow in Chrome Tab Groups before 126.0.6478.54
CVE-2024-5835 8.8 - High - June 11, 2024

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

PHP 8.1-8.3: Windows CGI Cmd Line Option Injection via Best-Fit CP
CVE-2024-4577 9.8 - Critical - June 09, 2024

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Shell injection

PHP OpenSSL PKCS1 PrivateDecrypt Vulnerable to Marvin Attack before 8.1.29
CVE-2024-2408 5.9 - Medium - June 09, 2024

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.

Side Channel Attack

PHP 8.1-8.3 FILTER_VALIDATE_URL allows invalid userinfo
CVE-2024-5458 5.3 - Medium - June 09, 2024

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.

Insufficient Verification of Data Authenticity

PHP <8.1.29/8.2.20/8.3.8 Proc_Open Cmd Inject via Trailing Space
CVE-2024-5585 8.8 - High - June 09, 2024

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

Output Sanitization

Chrome OOB Write via Streams API <125.0.6422.141
CVE-2024-5499 8.8 - High - May 30, 2024

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Google Chrome <125 UF in Presentation API
CVE-2024-5498 8.8 - High - May 30, 2024

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

OOB MEM ACCESS IN CHROME Browser UI <125.0.6422.141
CVE-2024-5497 8.8 - High - May 30, 2024

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Google Chrome AAF in Media Session before 125.0.6422.141 High
CVE-2024-5496 8.8 - High - May 30, 2024

Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

UAF in Dawn of Chrome <125.0.6422.141
CVE-2024-5495 8.8 - High - May 30, 2024

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use-After-Free in Dawn (Chrome <125.0.6422.141) Remote Heap Corruption
CVE-2024-5494 8.8 - High - May 30, 2024

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Chrome WebRTC Heap Buffer Overflow (125.0.6422.141)
CVE-2024-5493 8.8 - High - May 30, 2024

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

NGINX QUIC Packet Leak: Undisclosed QUIC Causes Worker Process Memory Leak
CVE-2024-34161 5.3 - Medium - May 29, 2024

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

Dangling pointer

NGINX: Worker Crashes via Undisclosed HTTP/3 QUIC Requests
CVE-2024-35200 5.3 - Medium - May 29, 2024

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate.

NULL Pointer Dereference

NGINX HTTP/3 QUIC Encoder Crash in NGINX Plus/OSS
CVE-2024-32760 6.5 - Medium - May 29, 2024

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.

Memory Corruption

NGINX HTTP/3 QUIC Module Process Termination via Undisclosed Requests
CVE-2024-31079 4.8 - Medium - May 29, 2024

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.

Memory Corruption

Chrome V8 Type Confusion RCE 125.0.6422.112
CVE-2024-5274 8.3 - High - May 28, 2024

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

V8 Type Confusion in Chrome <125.0.6422.76 RCE
CVE-2024-5158 8.1 - High - May 22, 2024

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Chrome <=125.0.6422.76: Heap overflow via Dawn (GPU) Web page
CVE-2024-5160 8.8 - High - May 22, 2024

Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Google Chrome Use-After-Free in Scheduling before v125.0.6422.76
CVE-2024-5157 8.8 - High - May 22, 2024

Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

ANGLE Heap Buffer Overflow in Chrome <125.0.6422.76 Remote OOB Memory Read
CVE-2024-5159 8.8 - High - May 22, 2024

Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Out-of-bounds Read

Linux kernel BUG_ON control parser flaw (CVE-2024-35947)
CVE-2024-35947 5.5 - Medium - May 19, 2024

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.

Predictable PRNG Seeding in Qt QAbstractOAuth (pre-5.15.17/6.2.13)
CVE-2024-36048 9.8 - Critical - May 18, 2024

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

PRNG