Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-29141 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. | |||||
CVE-2023-29007 | 2 Fedoraproject, Git-scm | 2 Fedora, Git | 2024-11-21 | N/A | 7.0 HIGH |
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | |||||
CVE-2023-28856 | 3 Debian, Fedoraproject, Redis | 3 Debian Linux, Fedora, Redis | 2024-11-21 | N/A | 5.5 MEDIUM |
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-28756 | 3 Debian, Fedoraproject, Ruby-lang | 4 Debian Linux, Fedora, Ruby and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | |||||
CVE-2023-28755 | 3 Debian, Fedoraproject, Ruby-lang | 3 Debian Linux, Fedora, Uri | 2024-11-21 | N/A | 5.3 MEDIUM |
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | |||||
CVE-2023-28686 | 3 Debian, Dino, Fedoraproject | 3 Debian Linux, Dino, Fedora | 2024-11-21 | N/A | 7.1 HIGH |
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. | |||||
CVE-2023-28447 | 2 Fedoraproject, Smarty | 2 Fedora, Smarty | 2024-11-21 | N/A | 7.1 HIGH |
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability. | |||||
CVE-2023-28439 | 2 Ckeditor, Fedoraproject | 2 Ckeditor, Fedora | 2024-11-21 | N/A | 4.7 MEDIUM |
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page. | |||||
CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A | 4.3 MEDIUM |
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | |||||
CVE-2023-28333 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A | 9.8 CRITICAL |
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | |||||
CVE-2023-28322 | 4 Apple, Fedoraproject, Haxx and 1 more | 13 Macos, Fedora, Curl and 10 more | 2024-11-21 | N/A | 3.7 LOW |
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | |||||
CVE-2023-28321 | 5 Apple, Debian, Fedoraproject and 2 more | 14 Macos, Debian Linux, Fedora and 11 more | 2024-11-21 | N/A | 5.9 MEDIUM |
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | |||||
CVE-2023-27538 | 6 Broadcom, Debian, Fedoraproject and 3 more | 15 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 12 more | 2024-11-21 | N/A | 5.5 MEDIUM |
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. | |||||
CVE-2023-27536 | 5 Debian, Fedoraproject, Haxx and 2 more | 14 Debian Linux, Fedora, Libcurl and 11 more | 2024-11-21 | N/A | 5.9 MEDIUM |
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. | |||||
CVE-2023-27535 | 5 Debian, Fedoraproject, Haxx and 2 more | 14 Debian Linux, Fedora, Libcurl and 11 more | 2024-11-21 | N/A | 5.9 MEDIUM |
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. | |||||
CVE-2023-27534 | 5 Broadcom, Fedoraproject, Haxx and 2 more | 13 Brocade Fabric Operating System Firmware, Fedora, Curl and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | |||||
CVE-2023-27533 | 4 Fedoraproject, Haxx, Netapp and 1 more | 13 Fedora, Curl, Active Iq Unified Manager and 10 more | 2024-11-21 | N/A | 8.8 HIGH |
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | |||||
CVE-2023-27320 | 2 Fedoraproject, Sudo Project | 2 Fedora, Sudo | 2024-11-21 | N/A | 7.2 HIGH |
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | |||||
CVE-2023-26916 | 2 Cesnet, Fedoraproject | 2 Libyang, Fedora | 2024-11-21 | N/A | 5.3 MEDIUM |
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. | |||||
CVE-2023-26590 | 3 Fedoraproject, Redhat, Sox Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | N/A | 6.2 MEDIUM |
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. |