Important: glib2

Issue Overview: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a...

Medium: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. CVE-2023-42956 A logic issue was addressed with improved validation. This issue is fixed ...

Important: xorg-x11-server

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

Important: tigervnc

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

Important: tigervnc

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

Important: xorg-x11-server

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Important: tomcat

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Medium: libvirt

Issue Overview: An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to...

Medium: python3

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Important: tomcat

Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

Important: php

Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbcenclen during regular expression searching. Invalid handling of reg-dmin in forwardsearchrange could result in an...

Medium: libreswan

Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically...

Important: dnsmasq

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...

Medium: krb5

Issue Overview: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability ...

Important: emacs

Issue Overview: In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. CVE-2024-30202 Affected Packages: emacs Issue Correction: Run dnf update emacs --releasever 2023.4.20240416 or dnf update --advisory ALAS2023-2024-584...

Important: emacs

Issue Overview: In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. CVE-2024-30202 Affected Packages: emacs Issue Correction: Run dnf update emacs --releasever 2023.4.20240416 to update your system. New Packages: aarch64: ...

Medium: python3.11

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Important: tomcat

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Important: xorg-x11-server

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

Important: tomcat

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Medium: kernel

Issue Overview: Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allows Forced Integer Overflow. CVE-2024-23307 A malicious hypervisor can potentially break confidentiality and integrity of Linux SEV-SNP guests by injecting interrupts...

Medium: krb5

Issue Overview: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CVE-2024-26458 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. CVE-2024-26461 Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability ...

Important: xorg-x11-server

Issue Overview: A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a clie...

Medium: python3.11

Issue Overview: An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed...

Medium: libreswan

Issue Overview: The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically...

Medium: kernel

Issue Overview: Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allows Forced Integer Overflow. CVE-2024-23307 A malicious hypervisor can potentially break confidentiality and integrity of Linux SEV-SNP guests by injecting interrupts...

Important: glib2

Issue Overview: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in goptiongroupaddentries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a...

Important: tigervnc

Issue Overview: The ProcRenderAddGlyphs function calls the AllocateGlyph function to store new glyphs sent by the client to the X server. AllocateGlyph would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyphnew array would th...

Important: xorg-x11-server

Issue Overview: The ProcRenderAddGlyphs function calls the AllocateGlyph function to store new glyphs sent by the client to the X server. AllocateGlyph would return a new glyph with refcount=0 and a re-used glyph would end up not changing the refcount at all. The resulting glyphnew array would th...

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages...

Important: expat

Issue Overview: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate. CVE-2024-28757 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.4.20240401 or dnf update --adviso...

Medium: libdwarf

Issue Overview: In a multiply-corrupted DWARF object libdwarf may try to deallocfree an allocation twice. Results are unpredictable and various. This has been a possibility since we added code to prevent leaks when generating 'unattached' DwarfError records where there is no DwarfDebug available ...

Medium: rpm

Issue Overview: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data...

Medium: rpm

Issue Overview: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data...

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Important: expat

Issue Overview: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate. CVE-2024-28757 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.4.20240401 to update your system...

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages...

Important: tomcat9

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Medium: python-pillow

Issue Overview: Affected versions of this package are vulnerable to Denial of Service DoS when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a certain limit. This can lead to a system crash. Affected versions of this package...

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

Important: squid

Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...

Medium: libdwarf

Issue Overview: In a multiply-corrupted DWARF object libdwarf may try to deallocfree an allocation twice. Results are unpredictable and various. This has been a possibility since we added code to prevent leaks when generating 'unattached' DwarfError records where there is no DwarfDebug available ...

Medium: python-pillow

Issue Overview: Affected versions of this package are vulnerable to Denial of Service DoS when using arbitrary strings as text input and the number of characters passed into PIL.ImageFont.ImageFont.getmask is over a certain limit. This can lead to a system crash. Affected versions of this package...

Important: squid

Issue Overview: A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements ...

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

Important: thunderbird

Issue Overview: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...