Latest Fedoraproject Vulnerabilities

PHP is vulnerable to the Marvin Attack
PHP PHP>=8.1.0<8.1.29
PHP PHP>=8.2.0<8.2.20
PHP PHP>=8.3.0<8.3.8
Fedoraproject Fedora=40
PHP-CGI OS Command Injection Vulnerability
PHP PHP<8.3.8
PHP PHP<8.1.29
PHP Group PHP
PHP PHP>=5.0.0<8.1.29
PHP PHP>=8.2.0<8.2.20
PHP PHP>=8.3.0<8.3.8
and 2 more
Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
PHP PHP<8.2.20
PHP PHP<8.1.29
PHP PHP>=8.1.0<8.1.29
PHP PHP>=8.2.0<8.2.20
PHP PHP>=8.3.0<8.3.8
Fedoraproject Fedora=40
Filter bypass in filter_var (FILTER_VALIDATE_URL)
PHP PHP<8.2.20
PHP PHP>=7.3.27<=7.3.33
PHP PHP>=7.4.15<=7.4.33
PHP PHP>=8.0.2<=8.0.30
PHP PHP>=8.1.0<8.1.29
PHP PHP>=8.2.0<8.2.20
and 2 more
Inappropriate implementation in Dawn
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Type Confusion in V8
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Type Confusion in V8
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Type Confusion in V8
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Type Confusion in V8
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Heap buffer overflow in Tab Groups
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Inappropriate Implementation in DevTools
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
Google Chrome<126.0.6478.54
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Use after free in PDFium
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Use after free in PDFium
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Inappropriate Implementation in Memory Allocator
Microsoft Edge (Chromium-based)
Google Chrome<126.0.6478.54
<126.0.6478.54
=39
=40
Use after free in Dawn
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Use after free in Audio
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Use after free in Dawn
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
Linux Linux kernel>=4.10<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
and 105 more
net/mlx5e: Prevent deadlock while disabling aRFS
Linux Linux kernel>=5.13<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
and 81 more
netfilter: br_netfilter: skip conntrack input hook for promisc packets
Linux Linux kernel<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
and 100 more
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
Linux Linux kernel>=5.18<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
and 76 more
netfilter: flowtable: incorrect pppoe tuple
Linux Linux kernel>=5.13<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
and 100 more
tun: limit printing rate when illegal packet received by tun dev
Linux Linux kernel>=2.6.35<4.19.313
Linux Linux kernel>=4.20<5.4.275
Linux Linux kernel>=5.5<5.10.216
Linux Linux kernel>=5.11<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
and 120 more
netfilter: flowtable: validate pppoe header
Linux Linux kernel>=5.13<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
and 105 more
netfilter: nf_tables: restore set elements when delete set fails
Linux Linux kernel>=6.4<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
Linux Linux kernel=6.9-rc4
Fedoraproject Fedora=38
and 73 more
r8169: fix LED-related deadlock on module removal
Linux Linux kernel>=6.8<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 72 more
netfilter: nft_set_pipapo: walk over current view on netlink dump
Linux Linux kernel>=6.4<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
Linux Linux kernel=6.9-rc4
Fedoraproject Fedora=38
and 74 more
drm/amdkfd: Fix memory leak in create_process failure
Linux Linux kernel>=6.5<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
Linux Linux kernel=6.9-rc4
and 75 more
120 is being updated in the LTS channel to 1200.6099.309 (Platform Version: 15662.105.0) for most ChromeOS devices.
Microsoft Edge (Chromium-based)
Google Chrome<124.0.6367.78
Fedoraproject Fedora=40
Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client
redhat/PuTTY<0.81
redhat/FileZilla<3.67.0
Putty Putty>=0.68<0.81
Filezilla-project Filezilla Client<3.67.0
Winscp Winscp<6.3.3
Tortoisegit Tortoisegit<2.15.0.1
and 6 more
Inappropriate implementation in Downloads
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Heap buffer overflow in Tab Strip
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
ubuntu/apache2<2.4.29-1ubuntu4.27+
ubuntu/apache2<2.4.41-4ubuntu3.17
ubuntu/apache2<2.4.52-1ubuntu4.9
ubuntu/apache2<2.4.57-2ubuntu2.4
ubuntu/apache2<2.4.58-1ubuntu8.1
ubuntu/apache2<2.4.59-1
and 8 more
Object lifecycle issue in V8
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Google Chrome<124.0.6367.60
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
Qpdf Project Qpdf=11.9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
ubuntu/qpdf<11.5.0-1ubuntu1.1
ubuntu/qpdf<11.9.0-1
and 1 more
Use after free in V8
Google Chrome<126.0.6478.54
Microsoft Edge (Chromium-based)
<126.0.6478.54
=39
=40
pgjdbc SQL Injection via line comment generation
maven/org.postgresql:postgresql>=42.7.0<42.7.2
maven/org.postgresql:postgresql>=42.6.0<42.6.1
maven/org.postgresql:postgresql>=42.5.0<42.5.5
maven/org.postgresql:postgresql>=42.4.0<42.4.4
maven/org.postgresql:postgresql>=42.3.0<42.3.9
maven/org.postgresql:postgresql<42.2.28
and 23 more
In wpa_supplicant, a flaw was discovered in the implementation of PEAP, which allows an attacker to skip the second phase of authentication when the target device has not been properly configured to v...
W1.fi Wpa Supplicant<2.10
Google Android
Google Chrome OS
Linux Linux kernel
Debian Debian Linux=10.0
Fedoraproject Fedora=39
and 2 more
Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2022
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2022, 23H2 Edition
Microsoft Windows Server 2022
and 63 more
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl...
Linux Linux kernel<5.10.210
Linux Linux kernel>=5.11.0<5.15.149
Linux Linux kernel>=5.16.0<6.1.79
Linux Linux kernel>=6.2.0<6.6.18
Linux Linux kernel>=6.7.0<6.7.6
Fedoraproject Fedora=38
and 142 more
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due t...
Cisco Secure Endpoint<7.5.17
Cisco Secure Endpoint>=8.0.1.21160<8.2.3.30119
Cisco Secure Endpoint Private Cloud<3.8.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
ubuntu/clamav<1.0.5+dfsg-0ubuntu0.23.10.1
and 2 more
High: Heap buffer overflow in Skia. [41494539] High CVE-2024-1284: Use after free in Mojo. ChromeOS Vulnerability Bug Fixes: High - Users are able to bypass policies using kiosk apps in kiosk mode
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.160
Fedoraproject Fedora=38
Fedoraproject Fedora=39
114 is being updated in the LTS (Long Term Support) channel, to version 1140.5735.358 (Platform Version: 15437.98.0) for most ChromeOS devices.
Microsoft Edge (Chromium-based) Extended Stable
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.160
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fixes in Linux Kernel
F5 F5OS-A=1.7.0>=1.5.0<=1.5.2
F5 F5OS-C>=1.6.0<=1.6.2>=1.5.0<=1.5.1
IBM QRadar SIEM<=7.5 - 7.5.0 UP8 IF01
Linux kernel
Linux Linux kernel>=3.15<5.15.149
Linux Linux kernel>=6.1<6.1.76
and 154 more
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
Aiohttp Aiohttp>=1.0.5<3.9.2
Fedoraproject Fedora=39
pip/aiohttp>=1.0.5<3.9.2
redhat/aiohttp<3.9.2
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Aiohttp Aiohttp<3.9.2
Fedoraproject Fedora=39
pip/aiohttp<3.9.2
redhat/aiohttp<3.9.2
Inappropriate implementation in iOS
Google Chrome<123.0.6312.58
Microsoft Edge (Chromium-based)
Google Chrome<123.0.6312.58
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Fedoraproject Fedora=40
Integer underflow in WebUI
Microsoft Edge<121.0.2277.83
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Use after free in WebAudio
Microsoft Edge<121.0.2277.83
Microsoft Edge (Chromium-based)
Google Chrome<121.0.6167.85
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Shim: out of bounds read when parsing mz binaries
redhat/shim<15.8
<15.8
=39
=8.0
=9.0

© 2024 SecAlerts Pty Ltd.