Fedoraproject Fedora vulnerabilities

CVE-2021-36386 [HIGH] CWE-909 CVE-2021-36386: report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an incon

CVE-2021-37746 [MEDIUM] CWE-601 CVE-2021-37746: textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, d textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

CVE-2021-23414 [MEDIUM] CWE-79 CVE-2021-23414: This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTM This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.

CVE-2021-37576 [HIGH] CWE-787 CVE-2021-37576: arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

CVE-2021-31292 [HIGH] CWE-190 CVE-2021-31292: An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

CVE-2021-32791 [MEDIUM] CWE-323 CVE-2021-32791: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that funct mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this create

CVE-2021-32792 [MEDIUM] CWE-79 CVE-2021-32792: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that funct mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`.

CVE-2021-35063 [HIGH] CVE-2021-35063: Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."

CVE-2021-32786 [MEDIUM] CWE-601 CVE-2021-32786: mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that funct mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypass

CVE-2021-32761 [HIGH] CWE-125 CVE-2021-32761: Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read a Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, l

CVE-2021-2354 [MEDIUM] CVE-2021-2354: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t

CVE-2021-2383 [MEDIUM] CVE-2021-2383: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t

CVE-2021-2339 [MEDIUM] CVE-2021-2339: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versio Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau

CVE-2021-2356 [MEDIUM] CVE-2021-2356: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supporte Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result

CVE-2021-2352 [MEDIUM] CVE-2021-2352: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versio Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau

CVE-2021-2370 [MEDIUM] CVE-2021-2370: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau

CVE-2021-2385 [MEDIUM] CVE-2021-2385: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supporte Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result

CVE-2021-2372 [MEDIUM] CVE-2021-2372: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthori

CVE-2021-2342 [MEDIUM] CVE-2021-2342: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in u

CVE-2021-2389 [MEDIUM] CVE-2021-2389: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthori