Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 108 of 264
CVE-2021-39272 | MEDIUM | CVSS 5.9 | CWE-319 | v33, v34, +1 more | 2021-08-30
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
nvd
CVE-2021-28697 | HIGH | CVSS 7.8 | CWE-362 | v33, v34, +1 more | 2021-08-27
Grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages
nvd
CVE-2021-40153 | HIGH | CVSS 8.1 | CWE-22 | v34, v33 | 2021-08-27
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
nvd
CVE-2021-28698 | MEDIUM | CVSS 5.5 | CWE-835 | v33, v34, +1 more | 2021-08-27
Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have be
nvd
CVE-2021-28700 | MEDIUM | CVSS 4.9 | CWE-770 | v33, v34, +1 more | 2021-08-27
xen/arm: No memory limit for dom0less domUs. The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured.
nvd
CVE-2021-28694 | MEDIUM | CVSS 6.8 | v33, v34, +1 more | 2021-08-27
IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these a
nvd
CVE-2021-28695 | MEDIUM | CVSS 6.8 | v33, v34, +1 more | 2021-08-27
IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these a
nvd
CVE-2021-28699 | MEDIUM | CVSS 5.5 | v33, v34, +1 more | 2021-08-27
Inadequate grant-v2 status frames array bounds check. The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of r
nvd
CVE-2021-28696 | MEDIUM | CVSS 6.8 | v33, v34, +1 more | 2021-08-27
IOMMU page mapping issues on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these a
nvd
CVE-2021-30598 | HIGH | CVSS 8.8 | CWE-843 | v33, v34, +1 more | 2021-08-26
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-30604 | HIGH | CVSS 8.8 | CWE-416 | v33, v34, +1 more | 2021-08-26
Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30599 | HIGH | CVSS 8.8 | CWE-843 | v33, v34, +1 more | 2021-08-26
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-30602 | HIGH | CVSS 8.8 | CWE-416 | v33, v34, +1 more | 2021-08-26
Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30603 | HIGH | CVSS 7.5 | CWE-362 | v33, v34, +1 more | 2021-08-26
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30593 | HIGH | CVSS 8.1 | CWE-125 | v33, v34, +1 more | 2021-08-26
Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2021-30592 | HIGH | CVSS 8.8 | CWE-787 | v33, v34, +1 more | 2021-08-26
Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2021-30601 | HIGH | CVSS 8.8 | CWE-416 | v33, v34, +1 more | 2021-08-26
Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30590 | HIGH | CVSS 8.8 | CWE-787 | v33, v34, +1 more | 2021-08-26
Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30600 | HIGH | CVSS 8.8 | CWE-416 | v33, v34, +1 more | 2021-08-26
Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30591 | HIGH | CVSS 8.8 | CWE-416 | v33, v34, +1 more | 2021-08-26
Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd