Fedoraproject Fedora vulnerabilities

CVE-2021-37621 [MEDIUM] CWE-835 CVE-2021-37621: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause

CVE-2021-34334 [MEDIUM] CWE-835 CVE-2021-34334: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2

CVE-2021-36221 [MEDIUM] CWE-362 CVE-2021-36221: Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

CVE-2021-38173 [CRITICAL] CWE-77 CVE-2021-38173: Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SS Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.

CVE-2021-29923 [HIGH] CVE-2021-29923: Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP addre Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.

CVE-2021-38166 [HIGH] CWE-190 CVE-2021-38166: In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of- In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.

CVE-2021-38165 [MEDIUM] CWE-522 CVE-2021-38165: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to d Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.

CVE-2021-22925 [MEDIUM] CWE-200 CVE-2021-22925: curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revea

CVE-2021-22923 [MEDIUM] CWE-319 CVE-2021-22923: When curl is instructed to get content using the metalink feature, and a user name and password are When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and witho

CVE-2021-22922 [MEDIUM] CWE-840 CVE-2021-22922: When curl is instructed to download content using the metalink feature, thecontents is verified agai When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several o

CVE-2021-22924 [LOW] CWE-20 CVE-2021-22924: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or c

CVE-2021-30571 [CRITICAL] CWE-863 CVE-2021-30571: Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attac Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-30585 [HIGH] CWE-416 CVE-2021-30585: Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remot Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30573 [HIGH] CWE-416 CVE-2021-30573: Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potential Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30581 [HIGH] CWE-416 CVE-2021-30581: Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30579 [HIGH] CWE-416 CVE-2021-30579: Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30572 [HIGH] CWE-416 CVE-2021-30572: Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to pote Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30569 [HIGH] CWE-416 CVE-2021-30569: Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potent Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30577 [HIGH] CWE-732 CVE-2021-30577: Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remot Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.

CVE-2021-30566 [HIGH] CWE-787 CVE-2021-30566: Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.