Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 111 of 264
CVE-2021-37695 | MEDIUM | CVSS 5.4 | v33, v34, +1 more | 2021-08-13
CVE-2021-37695 [MEDIUM] CWE-79: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEdi
nvd
CVE-2021-31556 | CRITICAL | CVSS 9.8 | v33, v34, +1 more | 2021-08-12
CVE-2021-31556 [CRITICAL] CWE-1284: An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob.
nvd
CVE-2021-20314 | CRITICAL | CVSS 9.8 | v33, v34, +1 more | 2021-08-12
CVE-2021-20314 [CRITICAL] CWE-787: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
nvd
CVE-2021-38604 | HIGH | CVSS 7.5 | v35 | 2021-08-12
CVE-2021-38604 [HIGH]: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
nvd
CVE-2021-38593 | HIGH | CVSS 7.5 | v35, v36 | 2021-08-12
CVE-2021-38593 [HIGH] CWE-787: Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
nvd
CVE-2021-32808 | MEDIUM | CVSS 5.4 | v33, v34, +1 more | 2021-08-12
CVE-2021-32808 [MEDIUM] CWE-79: ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEdit
nvd
CVE-2021-32809 | MEDIUM | CVSS 5.4 | v33, v34, +1 more | 2021-08-12
CVE-2021-32809 [MEDIUM] CWE-94: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all
nvd
CVE-2021-0002 | HIGH | CVSS 7.1 | v33, v34, +1 more | 2021-08-11
CVE-2021-0002 [HIGH] CWE-754: Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.
nvd
CVE-2021-36770 | HIGH | CVSS 7.8 | v34, v33 | 2021-08-11
CVE-2021-36770 [HIGH] CWE-427: Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || oper
nvd
CVE-2021-0004 | MEDIUM | CVSS 4.4 | v34 | 2021-08-11
CVE-2021-0004 [MEDIUM] CWE-119: Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
nvd
CVE-2021-38512 | HIGH | CVSS 7.5 | v34 | 2021-08-10
CVE-2021-38512 [HIGH] CWE-444: An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure.
nvd
CVE-2021-37620 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37620 [MEDIUM] CWE-125: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability
nvd
CVE-2021-34335 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-34335 [MEDIUM] CWE-369: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentia
nvd
CVE-2021-37619 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37619 [MEDIUM] CWE-125: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability t
nvd
CVE-2021-37623 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37623 [MEDIUM] CWE-835: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause
nvd
CVE-2021-37616 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37616 [MEDIUM] CWE-476: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vu
nvd
CVE-2021-32815 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-32815 [MEDIUM] CWE-617: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into runnin
nvd
CVE-2021-37615 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37615 [MEDIUM] CWE-476: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vu
nvd
CVE-2021-37618 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37618 [MEDIUM] CWE-125: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability
nvd
CVE-2021-37622 | MEDIUM | CVSS 5.5 | v33, v34 | 2021-08-09
CVE-2021-37622 [MEDIUM] CWE-835: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause
nvd