Medium: krb5

Issue Overview: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Affected Packages: krb5 Note: This advisory is applicable to...

Medium: python3.11

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Medium: kernel

Issue Overview: Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allows Forced Integer Overflow. CVE-2024-23307 A malicious hypervisor can potentially break confidentiality and integrity of Linux SEV-SNP guests by injecting interrupts...

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Medium: c-ares

Issue Overview: c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...

Important: kernel

Issue Overview: dmtablecreate in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to in alloctargets allocate more than INTMAX bytes, and crash, because of a missing check for struct dmioctl.targetcount. CVE-2023-52429 A flaw was found in the smb client in the Linux kernel. A...

Medium: ncurses

Issue Overview: ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/libtermcap.c. CVE-2023-45918 Affected Packages: ncurses Issue Correction: Run dnf update ncurses --releasever 2023.3.20240304 to update your system. New Packages: aarch64: ...

Important: dotnet6.0

Issue Overview: .NET Denial of Service Vulnerability CVE-2024-20672 .NET Denial of Service Vulnerability CVE-2024-21386 .NET Denial of Service Vulnerability CVE-2024-21404 Affected Packages: dotnet6.0 Issue Correction: Run dnf update dotnet6.0 --releasever 2023.3.20240304 to update your system. N...

Medium: lynx

Issue Overview: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. CVE-2021-38165 Affected Packages: lynx Issue Correction: Run dnf update lynx --releasever 2023.3.20240219 to updat...

Important: ghostscript

Issue Overview: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature. CVE-2020-36773 Affected Packages: ghostscri...

Important: redis6

Issue Overview: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVE-2023-41056...

Important: GraphicsMagick

Issue Overview: Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. CVE-2020-21679 In GraphicsMagick, a heap buffer overflow was found when parsing MIFF...

Low: opensc

Issue Overview: A heap use after free issue was found in Opensc before version 0.22.0 in scfilevalid. CVE-2021-42779 Affected Packages: opensc Issue Correction: Run dnf update opensc --releasever 2023.3.20240219 to update your system. New Packages: aarch64: ...

Medium: graphviz

Issue Overview: buffer overflow via a crafted config6a file NOTE: Crosses no security boundary, config files are under local control NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441 NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f...

Medium: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...

Important: kernel

Issue Overview: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if unbind the driver. CVE-2020-27820 A flaw use-after-free in...

Important: kernel-livepatch-4.14.328-248.540

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol L2TP. A missing lock when clearing skuserdata can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. CVE-2022-4129 In...

Important: runc

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

Medium: vsftpd

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

Medium: python3.11

Issue Overview: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-24329 The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts , allowing host...

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

Important: sqlite

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

Medium: haproxy2

Issue Overview: HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server. CVE-2023-45539 Affected...

Important: grpc

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-44487 Affected Packages: grpc Issue Correction: Run dnf update grpc --releaseve...

Medium: wireshark

Issue Overview: SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file CVE-2023-6174 A heap based buffer overflow in Wireshark's NetScreen file parser may lead to a local arbitrary code execution via a crafted capture file...

Important: tomcat9

Issue Overview: Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts...

Medium: binutils

Issue Overview: A potential illegal memory access in binutils has been found when parsing a corrupt file. CVE-2023-1579 Affected Packages: binutils Issue Correction: Run dnf update binutils --releasever 2023.2.20231030 or dnf update --advisory ALAS2023-2023-425 --releasever 2023.2.20231030 to...

Medium: wireshark

Issue Overview: RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file CVE-2023-5371 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.2.20231030 or dnf update...

Important: cni-plugins

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cni-plugins Issue Correction: Run dnf update cni-plugi...

Important: kernel-livepatch-6.1.38-59.109

Issue Overview: A use-after-free vulnerability in the Linux kernel's net/sched: clsfw component can be exploited to achieve local privilege escalation. If tcfchangeindev fails, fwsetparms will immediately return an error after incrementing or decrementing the reference counter in tcfbindfilter. I...

Medium: containerd

Issue Overview: A flaw was found in containerd CRI plugin. Containers launched through containerd CRI implementation that share the same image may receive incorrect environment variables, including values that are defined for other containers. The highest threat from this vulnerability is to data...

Important: ecs-service-connect-agent

Issue Overview: An issue was found in libcurl which allows cookies to be inserted into a running program if specific conditions are met. The libcurl provided function, curleasyduphandle, is used to duplicate the easyhandle associated with a transfer. If a duplicated transfer's easyhandle has...

Low: libwebp

Issue Overview: No CVE associated with this advisory Affected Packages: libwebp Issue Correction: Run dnf update libwebp --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-358 --releasever 2023.2.20231002 to update your system. More information on how to update your system can be...

Important: dotnet6.0

Issue Overview: Visual Studio Remote Code Execution Vulnerability CVE-2023-36792 Visual Studio Remote Code Execution Vulnerability CVE-2023-36793 Visual Studio Remote Code Execution Vulnerability CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability CVE-2023-36796 .NET Core and Visual...

Medium: libtommath

Issue Overview: Integer Overflow vulnerability in mpgrow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service DoS. CVE-2023-36328 Affected Packages: libtommath Issue Correction: Run dnf update...

Low: amazon-ssm-agent

Issue Overview: No CVE associated with this advisory Affected Packages: amazon-ssm-agent Issue Correction: Run dnf update amazon-ssm-agent --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-373 --releasever 2023.2.20231002 to update your system. More information on how to update...

Important: python38

Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...

Medium: lynis

Issue Overview: In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be...

Important: firefox

Issue Overview: firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with...

Important: docker

Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...

Important: cni-plugins

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send...

Important: dotnet6.0

Issue Overview: .NET and Visual Studio Remote Code Execution Vulnerability CVE-2023-35390 .NET Core and Visual Studio Denial of Service Vulnerability CVE-2023-38178 .NET and Visual Studio Denial of Service Vulnerability CVE-2023-38180 Affected Packages: dotnet6.0 Issue Correction: Run dnf update...

Medium: golang

Issue Overview: 2023-10-11: The severity level was changed from Important to Medium. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to = 8192...

Important: containerd

Issue Overview: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed...

Medium: microcode_ctl

Issue Overview: A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical...

Medium: wireshark

Issue Overview: Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file CVE-2023-3648 iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file...

Medium: python-mako

Issue Overview: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin. CVE-2022-40023 Affected Packages: python-mako Issue Correction: Run dnf update python-mako --releasever...

Medium: libtiff

Issue Overview: libtiff 4.5.0 is vulnerable to Buffer Overflow in uvencode when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. CVE-2023-26966 Affected Packages: libtiff Issue Correction: Run dnf update libtiff --releasever 2023.1.20230719 or dnf updat...

Important: docker

Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Affected Packages: docker Issue Correction: Run dnf update docker --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-260 --releasever 2023.1.20230719 to update your system. More information o...