Fedoraproject Fedora vulnerabilities

CVE-2021-32688 [HIGH] CWE-285 CVE-2021-32688: Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports applica Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, th

CVE-2021-36377 [HIGH] CWE-295 CVE-2021-36377: Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.

CVE-2021-32679 [HIGH] CWE-116 CVE-2021-32679: Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20. Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a b

CVE-2021-32705 [HIGH] CWE-799 CVE-2021-32705: Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20. Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known

CVE-2021-32703 [MEDIUM] CWE-799 CVE-2021-32703: Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20. Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

CVE-2021-32678 [MEDIUM] CWE-799 CVE-2021-32678: Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20. Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range

CVE-2021-32680 [LOW] CWE-778 CVE-2021-32680: Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20. Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

CVE-2021-3570 [HIGH] CWE-119 CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwardin A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw

CVE-2021-3612 [HIGH] CWE-20 CVE-2021-3612: An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in ver An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well

CVE-2021-3571 [HIGH] CWE-119 CVE-2021-3571: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-e A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw aff

CVE-2021-21779 [HIGH] CWE-416 CVE-2021-21779: A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.

CVE-2021-21775 [HIGH] CWE-416 CVE-2021-21775: A use-after-free vulnerability exists in the way certain events are processed for ImageLoader object A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.

CVE-2021-32740 [HIGH] CWE-400 CVE-2021-32740: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standa Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leadi

CVE-2021-35042 [CRITICAL] CWE-89 CVE-2021-35042: Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.

CVE-2021-30554 [HIGH] CWE-416 CVE-2021-30554: Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potenti Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-35197 [HIGH] CWE-863 CVE-2021-35197: In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots hav In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API (which a "sitewide block" should have prevented).

CVE-2021-30556 [HIGH] CWE-416 CVE-2021-30556: Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to pote Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30557 [HIGH] CWE-416 CVE-2021-30557: Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convince Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-36087 [LOW] CWE-125 CVE-2021-36087: The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indir The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.

CVE-2021-36084 [LOW] CWE-416 CVE-2021-36084: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_v The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).