Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 100 of 264
CVE-2021-35368 | CRITICAL | CVSS 9.8 | v36, v37 | 2021-11-05
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
nvd
CVE-2021-3928 | HIGH | CVSS 7.8 | CWE-457 | v33, v34 +1 more | 2021-11-05
vim is vulnerable to Use of Uninitialized Variable
nvd
CVE-2020-27820 | MEDIUM | CVSS 4.7 | CWE-416 | v33 | 2021-11-03
A vulnerability was found in the Linux kernel, where a use-after-free in nouveau's postclose() handler could happen when the device is removed (physically removing a video card without powering off is uncommon, but the same happens if the driver is unbound).
nvd
CVE-2021-27836 | MEDIUM | CVSS 6.5 | CWE-476 | v33, v34 +1 more | 2021-11-03
An issue was discovered in function xls_getWorkSheet in xls.c in libxls 1.6.2 that allows attackers to cause a denial of service via a crafted XLS file.
nvd
CVE-2021-43267 | CRITICAL | CVSS 9.8 | CWE-1284 | v34, v35 | 2021-11-02
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
nvd
CVE-2021-37980 | HIGH | CVSS 7.4 | v33 | 2021-11-02
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
nvd
CVE-2021-37979 | HIGH | CVSS 8.8 | CWE-787 | v33 | 2021-11-02
Heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37977 | HIGH | CVSS 8.8 | CWE-416 | v33 | 2021-11-02
Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37978 | HIGH | CVSS 8.8 | CWE-787 | v33 | 2021-11-02
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-42574 | HIGH | CVSS 8.3 | CWE-94 | v33, v34 +1 more | 2021-11-01
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode so
nvd
CVE-2021-3756 | CRITICAL | CVSS 9.8 | CWE-122 | v34, v35 | 2021-10-29
libmysofa is vulnerable to Heap-based Buffer Overflow
nvd
CVE-2021-43056 | MEDIUM | CVSS 5.5 | v33, v34 +1 more | 2021-10-28
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
nvd
CVE-2021-25219 | MEDIUM | CVSS 5.3 | v33, v34 +1 more | 2021-10-27
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
nvd
CVE-2021-41182 | MEDIUM | CVSS 6.1 | CWE-79 | v33, v34 +2 more | 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not acc
nvd
CVE-2021-41183 | MEDIUM | CVSS 6.1 | CWE-79 | v33, v34 +2 more | 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is
nvd
CVE-2021-41184 | MEDIUM | CVSS 6.1 | CWE-79 | v33, v34 +2 more | 2021-10-26
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the val
nvd
CVE-2021-21703 | HIGH | CVSS 7.0 | CWE-284 | v33, v34 +1 more | 2021-10-25
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way tha
nvd
CVE-2021-41159 | HIGH | CVSS 8.8 | CWE-787 | v35 | 2021-10-21
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unab
nvd
CVE-2021-41160 | HIGH | CVSS 8.8 | CWE-787 | v33, v34 +1 more | 2021-10-21
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out
nvd
CVE-2021-42716 | HIGH | CVSS 7.1 | CWE-120 | v33, v34 +1 more | 2021-10-21
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data with
nvd