Latest fedoraproject fedora Vulnerabilities

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Ph...
W1.fi Wpa Supplicant<2.10
Google Android
Google Chrome OS
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=39
and 2 more
Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2022
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2022, 23H2 Edition
Microsoft Windows Server 2022
and 51 more
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl...
Linux Linux kernel<5.10.210
Linux Linux kernel>=5.11.0<5.15.149
Linux Linux kernel>=5.16.0<6.1.79
Linux Linux kernel>=6.2.0<6.6.18
Linux Linux kernel>=6.7.0<6.7.6
Fedoraproject Fedora=38
and 1 more
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due t...
Cisco Secure Endpoint<7.5.17
Cisco Secure Endpoint>=8.0.1.21160<8.2.3.30119
Cisco Secure Endpoint Private Cloud<3.8.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/clamav<1.0.5+dfsg-0ubuntu0.23.10.1
and 1 more
114 is being updated in the LTS (Long Term Support) channel, to version 1140.5735.358 (Platform Version: 15437.98.0) for most ChromeOS devices.
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.160
Fedoraproject Fedora=38
Fedoraproject Fedora=39
High Heap buffer overflow in Skia[41494539] High CVE-2024-1284 Use after free in MojoChromeOS Vulnerability Bug Fixes:High - Users are able to bypass policies using kiosk apps in kiosk mode
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.160
Fedoraproject Fedora=38
Fedoraproject Fedora=39
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
Aiohttp Aiohttp>=1.0.5<3.9.2
Fedoraproject Fedora=39
pip/aiohttp>=1.0.5<3.9.2
redhat/aiohttp<3.9.2
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Aiohttp Aiohttp<3.9.2
Fedoraproject Fedora=39
pip/aiohttp<3.9.2
redhat/aiohttp<3.9.2
Integer underflow in WebUI
Microsoft Edge<121.0.2277.83
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Use after free in WebAudio
Microsoft Edge<121.0.2277.83
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Shim: out of bounds read when parsing mz binaries
redhat/shim<15.8
Redhat Shim<15.8
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Shim: out-of-bound read in verify_buffer_sbat()
redhat/shim<15.8
Redhat Shim<15.8
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Linux: netback processing of zero-length transmit fragment
Linux Linux kernel>=4.14<6.7
Fedoraproject Fedora=38
Fedoraproject Fedora=39
debian/linux<=4.19.249-2<=4.19.304-1<=5.10.205-2<=6.1.69-1
ubuntu/linux<4.15.0-223.235
ubuntu/linux<6.8~
and 63 more
Potential authentication and CSRF tokens leak in JupyterLab
pip/notebook>=7.0.0<=7.0.6
pip/jupyterlab<=3.6.6
pip/jupyterlab>=4.0.0<=4.0.10
Jupyter Jupyterlab<3.6.7
Jupyter Jupyterlab>=4.0.0<4.0.11
Jupyter Notebook>=7.0.0<7.0.7
and 1 more
Stored cross site scripting in Markdown Preview in JupyterLab
Jupyter Jupyterlab>=4.0.0<4.0.11
Jupyter Notebook>=7.0.0<7.0.7
pip/notebook>=7.0.0<=7.0.6
pip/jupyterlab>=4.0.0<=4.0.10
Fedoraproject Fedora=39
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
redhat/ansible<2.14.4
redhat/ansible<2.15.9
redhat/ansible<2.16.3
Redhat Ansible<2.14.4
Redhat Ansible>=2.15.0<2.15.9
Redhat Ansible>=2.16.0<2.16.3
and 12 more
runc container breakout through process.cwd trickery and leaked fds
ubuntu/runc<1.1.4-0ubuntu1~18.04.2+
ubuntu/runc<1.1.7-0ubuntu1~20.04.2
ubuntu/runc<1.1.7-0ubuntu1~22.04.2
ubuntu/runc<1.1.7-0ubuntu2.2
ubuntu/runc<1.1.12
go/github.com/opencontainers/runc>=1.0.0-rc93<=1.1.11
and 7 more
Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
Linux Linux kernel<6.7
Linux Linux kernel=6.7-rc1
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/kernel<6.7
and 100 more
Gnutls: incomplete fix for cve-2023-5981
ubuntu/gnutls28<3.8.3-1
ubuntu/gnutls28<3.6.13-2ubuntu1.10
ubuntu/gnutls28<3.7.3-4ubuntu1.4
ubuntu/gnutls28<3.7.8-5ubuntu1.2
ubuntu/gnutls28<3.8.1-4ubuntu1.2
debian/gnutls28<=3.6.7-4+deb10u8<=3.7.1-5+deb11u4<=3.7.1-5+deb11u3
and 9 more
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Relax-and-recover Relax-and-recover<=2.7
SUSE Linux Enterprise=15.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
Linux Linux kernel>=6.2<6.4
Linux Linux kernel=6.4-rc1
Linux Linux kernel=6.4-rc2
Linux Linux kernel=6.4-rc3
Linux Linux kernel=6.4-rc4
Linux Linux kernel=6.4-rc5
and 4 more
Redis vulnerable to integer overflow in certain payloads
Redis Redis>=7.0.9<7.0.15
Redis Redis>=7.2.0<7.2.4
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Xorg-x11-server: selinux context corruption
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<2:21.1.11-1
ubuntu/xorg-server<2:1.20.13-1ubuntu1~20.04.14
and 38 more
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
debian/xorg-server<=2:1.20.4-1+deb10u4
debian/xwayland<=2:22.1.9-1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
and 23 more
Xorg-x11-server: selinux unlabeled glx pbuffer
redhat/xorg-server<21.1.11
redhat/xwayland<23.2.4
debian/xorg-server<=2:1.20.4-1+deb10u4
debian/xwayland<=2:22.1.9-1
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
and 39 more
Out of bounds write in V8
Google Chrome<120.0.6099.234
Microsoft Edge<120.0.2210.144
Microsoft Edge (Chromium-based)
Google Chrome=120.0.6099.224
Google Chrome=120.0.6099.225
Google Chrome=120.0.6099.234
and 3 more
Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
=8.0
=9.0
=40
Kernel: aoe: improper reference count leads to use-after-free vulnerability
Linux Linux kernel
Fedoraproject Fedora=39
Use after free in WebGPU[41487330] High CVE-2024-1059 Use after free in WebRTCChromeOS Vulnerability Bug Fixes:[ ] High CVE-2024-0204 Users are able to bypass policies using kiosk apps in kiosk mo...
Microsoft Edge<120.0.2210.121
Microsoft Edge (Chromium-based)
Google Chrome<120.0.6099.199
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Packagekitd: use-after-free in idle function callback
redhat/PackageKit<1.2.7
Packagekit Project Packagekit<1.2.7
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Insufficient policy enforcement in iOS Security UI
Google Chrome<121.0.6167.85
Microsoft Edge (Chromium-based)
Microsoft Edge<121.0.2277.83
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Inappropriate implementation in Downloads
Google Chrome<121.0.6167.85
Microsoft Edge (Chromium-based)
Microsoft Edge<121.0.2277.83
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Use after free in WebRTC
Google Chrome<121.0.6167.139
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.139
Fedoraproject Fedora=38
Fedoraproject Fedora=39
heap buffer overflow in libaom
Aomedia Aomedia<3.7.1
Fedoraproject Fedora=38
Fedoraproject Fedora=39
SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
ubuntu/sqlite3<3.44.2-1
ubuntu/sqlite3<3.31.1-4ubuntu0.6
ubuntu/sqlite3<3.37.2-2ubuntu0.3
ubuntu/sqlite3<3.40.1-1ubuntu0.1
ubuntu/sqlite3<3.42.0-1ubuntu0.1
SQLite SQLite<=3.43.0
and 6 more
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
Google Chrome=120.0.6099.129/130
Spreadsheet::ParseExcel Spreadsheet::ParseExcel=0.65
Spreadsheet::ParseExcel Spreadsheet::ParseExcel
Google Chrome<=0.65
Debian Debian Linux=10.0
Fedoraproject Fedora=38
and 1 more
Exim: SMTP smuggling
ubuntu/exim4<4.86.2-2ubuntu2.6+
ubuntu/exim4<4.90.1-1ubuntu1.10+
ubuntu/exim4<4.93-13ubuntu1.10
ubuntu/exim4<4.95-4ubuntu2.5
ubuntu/exim4<4.96-17ubuntu2.2
ubuntu/exim4<4.97-3
and 8 more
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-2
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in rec...
debian/postfix<=3.8.2-1<=3.4.23-0+deb10u1<=3.7.6-0+deb12u2<=3.5.18-0+deb11u1
redhat/postfix<3.8.4
redhat/postfix<3.7.9
redhat/postfix<3.6.13
redhat/postfix<3.5.23
Postfix Postfix<3.5.23
and 15 more
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability
Linux Linux kernel<6.5
Linux Linux kernel=6.5-rc1
Linux Linux kernel=6.5-rc2
Linux Linux kernel=6.5-rc3
Linux Linux kernel=6.5-rc4
Linux Linux kernel=6.5-rc5
and 6 more
Insufficient data validation in Extensions
Microsoft Edge (Chromium-based)
Google Chrome<120.0.6099.216
Google Chrome<120.0.6099.216
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Microsoft Edge<120.0.2210.133
Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
Broadcom Tcpreplay=4.4.3
Broadcom Tcpreplay=4.4.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=39
W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)
Tats W3m=0.5.3\+git20230121-1
Tats W3m=0.5.3\+git20230121-2
Tats W3m=0.5.3\+git20230129
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=39
debian/w3m<=0.5.3-37<=0.5.3-37+deb10u1<=0.5.3+git20210102-6+deb11u1<=0.5.3+git20230121-2
and 6 more
Heap buffer overflow in WebRTC
debian/chromium<=90.0.4430.212-1~deb10u1<=116.0.5845.180-1~deb11u1<=119.0.6045.199-1~deb12u1
Microsoft Edge<120.0.2210.91
Google Chrome=120.0.6099.224
Google Chrome=120.0.6099.225
Google Chrome=120.0.6099.234
Microsoft Edge (Chromium-based)
and 6 more
Libssh: missing checks for return values for digests
Libssh Libssh>=0.9.0<0.9.8
Libssh Libssh>=0.10.0<0.10.6
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
and 10 more
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
QEMU qemu<8.2.1
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Use after free in Canvas
Google Chrome<121.0.6167.139
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.139
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Glibc: integer overflow in __vsyslog_internal()
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
ubuntu/glibc<2.37-15
ubuntu/glibc<2.38-1ubuntu6.1
debian/glibc
GNU glibc>=2.37<2.39
and 3 more
Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
GNU C Library (glibc)=2.37
GNU C Library (glibc)=2.36
ubuntu/glibc<2.37-15
ubuntu/glibc<2.38-1ubuntu6.1
GNU glibc<2.39
Fedoraproject Fedora=38
and 4 more
Use after free in Network
Google Chrome<121.0.6167.139
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.139
Fedoraproject Fedora=38
Fedoraproject Fedora=39

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203