Latest fedoraproject fedora Vulnerabilities

Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client
redhat/PuTTY<0.81
redhat/FileZilla<3.67.0
Putty Putty>=0.68<0.81
Filezilla-project Filezilla Client<3.67.0
Winscp Winscp<6.3.3
Tortoisegit Tortoisegit<2.15.0.1
and 6 more
Object lifecycle issue in V8
Google Chrome<123.0.6312.58
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
Qpdf Project Qpdf=11.9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
ubuntu/qpdf<11.5.0-1ubuntu1.1
ubuntu/qpdf<11.9.0-1
and 1 more
pgjdbc SQL Injection via line comment generation
maven/org.postgresql:postgresql>=42.7.0<42.7.2
maven/org.postgresql:postgresql>=42.6.0<42.6.1
maven/org.postgresql:postgresql>=42.5.0<42.5.5
maven/org.postgresql:postgresql>=42.4.0<42.4.4
maven/org.postgresql:postgresql>=42.3.0<42.3.9
maven/org.postgresql:postgresql<42.2.28
and 22 more
In wpa_supplicant, a flaw was discovered in the implementation of PEAP, which allows an attacker to skip the second phase of authentication when the target device has not been properly configured to v...
W1.fi Wpa Supplicant<2.10
Google Android
Google Chrome OS
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=39
and 2 more
Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2022
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2022, 23H2 Edition
Microsoft Windows Server 2022
and 59 more
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl...
Linux Linux kernel<5.10.210
Linux Linux kernel>=5.11.0<5.15.149
Linux Linux kernel>=5.16.0<6.1.79
Linux Linux kernel>=6.2.0<6.6.18
Linux Linux kernel>=6.7.0<6.7.6
Fedoraproject Fedora=38
and 82 more
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due t...
Cisco Secure Endpoint<7.5.17
Cisco Secure Endpoint>=8.0.1.21160<8.2.3.30119
Cisco Secure Endpoint Private Cloud<3.8.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/clamav<1.0.5+dfsg-0ubuntu0.23.10.1
and 2 more
114 is being updated in the LTS (Long Term Support) channel, to version 1140.5735.358 (Platform Version: 15437.98.0) for most ChromeOS devices.
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.160
Fedoraproject Fedora=38
Fedoraproject Fedora=39
High Heap buffer overflow in Skia[41494539] High CVE-2024-1284 Use after free in MojoChromeOS Vulnerability Bug Fixes:High - Users are able to bypass policies using kiosk apps in kiosk mode
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.160
Fedoraproject Fedora=38
Fedoraproject Fedora=39
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
Aiohttp Aiohttp>=1.0.5<3.9.2
Fedoraproject Fedora=39
pip/aiohttp>=1.0.5<3.9.2
redhat/aiohttp<3.9.2
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Aiohttp Aiohttp<3.9.2
Fedoraproject Fedora=39
pip/aiohttp<3.9.2
redhat/aiohttp<3.9.2
Inappropriate implementation in iOS
Google Chrome<123.0.6312.58
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Integer underflow in WebUI
Microsoft Edge<121.0.2277.83
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Use after free in WebAudio
Microsoft Edge<121.0.2277.83
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Shim: out of bounds read when parsing mz binaries
redhat/shim<15.8
<15.8
=39
=8.0
=9.0
Shim: out-of-bound read in verify_buffer_sbat()
<15.8
=39
=8.0
=9.0
Linux: netback processing of zero-length transmit fragment
Linux Linux kernel>=4.14<6.7
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/linux<4.15.0-223.235
ubuntu/linux<5.4.0-176.196
ubuntu/linux<5.15.0-102.112
and 127 more
Use after free in Canvas
Google Chrome<123.0.6312.58
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Potential authentication and CSRF tokens leak in JupyterLab
pip/notebook>=7.0.0<=7.0.6
pip/jupyterlab<=3.6.6
pip/jupyterlab>=4.0.0<=4.0.10
Jupyter Jupyterlab<3.6.7
Jupyter Jupyterlab>=4.0.0<4.0.11
Jupyter Notebook>=7.0.0<7.0.7
and 1 more
Stored cross site scripting in Markdown Preview in JupyterLab
Jupyter Jupyterlab>=4.0.0<4.0.11
Jupyter Notebook>=7.0.0<7.0.7
pip/notebook>=7.0.0<=7.0.6
pip/jupyterlab>=4.0.0<=4.0.10
Fedoraproject Fedora=39
Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
pip/ansible-core>=2.15.0<2.15.9
pip/ansible-core>=2.16.0<2.16.3
pip/ansible-core<2.14.14
redhat/ansible<2.14.4
redhat/ansible<2.15.9
redhat/ansible<2.16.3
and 24 more
runc container breakout through process.cwd trickery and leaked fds
ubuntu/runc<1.1.4-0ubuntu1~18.04.2+
ubuntu/runc<1.1.7-0ubuntu1~20.04.2
ubuntu/runc<1.1.7-0ubuntu1~22.04.2
ubuntu/runc<1.1.7-0ubuntu2.2
ubuntu/runc<1.1.12
go/github.com/opencontainers/runc>=1.0.0-rc93<=1.1.11
and 7 more
Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
Linux Linux kernel<6.7
Linux Linux kernel=6.7-rc1
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/kernel<6.7
and 121 more
Gnutls: incomplete fix for cve-2023-5981
redhat/gnutls<3.8.3
debian/gnutls28<=3.6.7-4+deb10u8<=3.7.1-5+deb11u4<=3.7.1-5+deb11u3
ubuntu/gnutls28<3.6.13-2ubuntu1.10
ubuntu/gnutls28<3.7.3-4ubuntu1.4
ubuntu/gnutls28<3.7.8-5ubuntu1.2
ubuntu/gnutls28<3.8.1-4ubuntu1.2
and 18 more
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Relax-and-recover Relax-and-recover<=2.7
SUSE Linux Enterprise=15.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Kernel: blkio memory leakage due to blkcg and some blkgs are not freed after they are made offline.
Linux Linux kernel>=6.2<6.4
Linux Linux kernel=6.4-rc1
Linux Linux kernel=6.4-rc2
Linux Linux kernel=6.4-rc3
Linux Linux kernel=6.4-rc4
Linux Linux kernel=6.4-rc5
and 4 more
Redis vulnerable to integer overflow in certain payloads
Redis Redis>=7.0.9<7.0.15
Redis Redis>=7.2.0<7.2.4
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Xorg-x11-server: selinux context corruption
Tigervnc Tigervnc<1.13.1
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
and 25 more
Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
X.org Xorg-server<21.1.11
X.org Xwayland<23.2.4
Fedoraproject Fedora=39
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Workstation=7.0
and 18 more
Xorg-x11-server: selinux unlabeled glx pbuffer
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<2:1.20.13-1ubuntu1~20.04.14
ubuntu/xorg-server<2:21.1.4-2ubuntu1.7~22.04.7
ubuntu/xorg-server<2:21.1.7-1ubuntu3.6
ubuntu/xorg-server<2:21.1.7-3ubuntu2.6
ubuntu/xorg-server<2:21.1.11-1ubuntu1
and 26 more
Out of bounds write in V8
Google Chrome<120.0.6099.234
Microsoft Edge<120.0.2210.144
Microsoft Edge (Chromium-based)
Google Chrome=120.0.6099.224
Google Chrome=120.0.6099.225
Google Chrome=120.0.6099.234
and 3 more
Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
=8.0
=9.0
=40
Kernel: aoe: improper reference count leads to use-after-free vulnerability
Linux Linux kernel
Fedoraproject Fedora=39
Use after free in WebGPU[41487330] High CVE-2024-1059 Use after free in WebRTCChromeOS Vulnerability Bug Fixes:[ ] High CVE-2024-0204 Users are able to bypass policies using kiosk apps in kiosk mo...
Microsoft Edge<120.0.2210.121
Microsoft Edge (Chromium-based)
Google Chrome<120.0.6099.199
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Packagekitd: use-after-free in idle function callback
redhat/PackageKit<1.2.7
Packagekit Project Packagekit<1.2.7
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
Fedoraproject Fedora=39
Insufficient policy enforcement in iOS Security UI
Google Chrome<121.0.6167.85
Microsoft Edge (Chromium-based)
Microsoft Edge<121.0.2277.83
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Inappropriate implementation in Downloads
Google Chrome<123.0.6312.58
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Incorrect security UI in iOS
Google Chrome<123.0.6312.58
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Inappropriate implementation in Downloads
Google Chrome<121.0.6167.85
Microsoft Edge (Chromium-based)
Microsoft Edge<121.0.2277.83
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Use after free in WebRTC
Google Chrome<121.0.6167.139
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.139
Fedoraproject Fedora=38
Fedoraproject Fedora=39
heap buffer overflow in libaom
Aomedia Aomedia<3.7.1
Fedoraproject Fedora=38
Fedoraproject Fedora=39
SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
ubuntu/sqlite3<3.31.1-4ubuntu0.6
ubuntu/sqlite3<3.37.2-2ubuntu0.3
ubuntu/sqlite3<3.40.1-1ubuntu0.1
ubuntu/sqlite3<3.42.0-1ubuntu0.1
ubuntu/sqlite3<3.44.2-1
SQLite SQLite<=3.43.0
and 6 more
Spreadsheet::ParseExcel Remote Code Execution Vulnerability
Google Chrome=120.0.6099.129/130
Spreadsheet::ParseExcel Spreadsheet::ParseExcel=0.65
Spreadsheet::ParseExcel Spreadsheet::ParseExcel
Jmcnamara Spreadsheet\<=0.65
Debian Debian Linux=10.0
Fedoraproject Fedora=38
and 1 more
Exim: SMTP smuggling
Exim Exim<4.97.1
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Extra Packages For Enterprise Linux=9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 9 more
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist...
Openbsd Openssh
Fedoraproject Fedora=39
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10+deb10u4<=1:8.4p1-5+deb11u3<=1:9.2p1-2+deb12u2<=1:9.6p1-4<=1:9.7p1-4
F5 Traffix SDC=5.2.0=5.1.0
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in rec...
debian/postfix<=3.8.2-1<=3.4.23-0+deb10u1<=3.7.6-0+deb12u2<=3.5.18-0+deb11u1
Postfix Postfix<3.5.23
Postfix Postfix>=3.6.0<3.6.13
Postfix Postfix>=3.7.0<3.7.9
Postfix Postfix>=3.8.0<3.8.4
Fedoraproject Fedora=38
and 15 more
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability
Linux kernel
redhat/kernel<6.5
Linux Linux kernel<6.5
Linux Linux kernel=6.5-rc1
Linux Linux kernel=6.5-rc2
Linux Linux kernel=6.5-rc3
and 7 more
Insufficient data validation in Extensions
Microsoft Edge (Chromium-based)
Google Chrome<120.0.6099.216
Google Chrome<120.0.6099.216
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Microsoft Edge<120.0.2210.133
Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
Broadcom Tcpreplay=4.4.3
Broadcom Tcpreplay=4.4.4
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=39

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203