Fedoraproject Fedora vulnerabilities

CVE-2021-32675 [HIGH] CWE-770 CVE-2021-32675: Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis St Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests

CVE-2021-32626 [HIGH] CWE-122 CVE-2021-32626: Redis is an open source, in-memory database that persists on disk. In affected versions specially cr Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Red

CVE-2021-41099 [HIGH] CWE-190 CVE-2021-41099: Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the un Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and construc

CVE-2021-32672 [MEDIUM] CWE-125 CVE-2021-32672: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and

CVE-2021-41089 [MEDIUM] CWE-281 CVE-2021-41089: Moby is an open-source project created by Docker to enable software containerization. A bug was foun Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly

CVE-2021-41091 [MEDIUM] CWE-281 CVE-2021-41091: Moby is an open-source project created by Docker to enable software containerization. A bug was foun Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When

CVE-2021-41864 [HIGH] CWE-190 CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unpri prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.

CVE-2021-22946 [HIGH] CWE-325 CVE-2021-22946: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate re

CVE-2021-22947 [MEDIUM] CWE-310 CVE-2021-22947: When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *b

CVE-2021-41617 [HIGH] CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration spec

CVE-2021-22945 [CRITICAL] CWE-415 CVE-2021-22945: When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances errone When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

CVE-2021-32838 [HIGH] CWE-400 CVE-2021-32838: Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX bef Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

CVE-2021-41073 [HIGH] CWE-763 CVE-2021-41073: loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain pri loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc//maps for exploitation.

CVE-2021-39219 [MEDIUM] CWE-843 CVE-2021-39219: Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affecte Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues

CVE-2021-39218 [MEDIUM] CWE-125 CVE-2021-39218: Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and befor Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `

CVE-2021-39216 [MEDIUM] CWE-416 CVE-2021-39216: Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and befor Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing m

CVE-2021-40438 [CRITICAL] CWE-918 CVE-2021-40438: A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-39275 [CRITICAL] CWE-787 CVE-2021-39275: ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modu ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-34798 [HIGH] CWE-476 CVE-2021-34798: Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTT Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-36160 [HIGH] CWE-125 CVE-2021-36160: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory an A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).