Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 107 of 264
CVE-2021-23437 | HIGH | CVSS 7.5 | v33 v34 | 2021-09-03 | CWE-125 | source: nvd
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
CVE-2021-30618 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | source: nvd
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30622 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30608 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30613 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30614 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-787 | source: nvd
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30620 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | source: nvd
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30610 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30624 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30624 Use after free in Autofill
CVE-2021-30623 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30609 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30607 | HIGH | CVSS 8.8 | v35 | 2021-09-03 | CWE-416 | source: nvd
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-40490 | HIGH | CVSS 7.0 | v33 v34 | 2021-09-03 | CWE-362 | source: nvd
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-39191 | MEDIUM | CVSS 6.1 | v35 v36 | 2021-09-03 | CWE-601 | source: nvd
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supply
CVE-2021-30615 | MEDIUM | CVSS 6.5 | v35 | 2021-09-03 | source: nvd
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-33582 | HIGH | CVSS 7.5 | v34 v35 | 2021-09-01 | CWE-407 | source: nvd
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
CVE-2021-3634 | MEDIUM | CVSS 6.5 | v33 v34 +1 more | 2021-08-31 | CWE-787 | source: nvd
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically
CVE-2021-39164 | LOW | CVSS 3.1 | v34 v35 | 2021-08-31 | CWE-200 | source: nvd
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must b
CVE-2021-39163 | LOW | CVSS 3.1 | v34 v35 | 2021-08-31 | CWE-200 | source: nvd
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted
CVE-2021-34434 | MEDIUM | CVSS 5.3 | v34 v35 | 2021-08-30 | CWE-285 | source: nvd
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
Fedoraproject Fedora vulnerabilities | cvebase