Fedoraproject Fedora vulnerabilities

CVE-2021-34557 [MEDIUM] CWE-120 CVE-2021-34557: XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A b XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.

CVE-2021-30641 [MEDIUM] CVE-2021-30641: Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

CVE-2019-17567 [MEDIUM] CWE-444 CVE-2019-17567: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not nece Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

CVE-2021-32677 [HIGH] CWE-352 CVE-2021-32677: FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. F FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to rea

CVE-2021-0089 [MEDIUM] CWE-203 CVE-2021-0089: Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentia Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVE-2021-26314 [MEDIUM] CWE-208 CVE-2021-26314: Potential floating point value injection in all supported CPU products, in conjunction with software Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.

CVE-2021-33829 [MEDIUM] CWE-79 CVE-2021-33829: A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4 A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

CVE-2021-0086 [MEDIUM] CWE-203 CVE-2021-0086: Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVE-2021-33560 [HIGH] CWE-203 CVE-2021-33560: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponen Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

CVE-2021-23169 [HIGH] CWE-787 CVE-2021-23169: A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3 A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.

CVE-2021-22212 [HIGH] CWE-327 CVE-2021-22212: ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are sho

CVE-2021-33571 [HIGH] CWE-918 CVE-2021-33571: In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_ad In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..)

CVE-2021-31807 [MEDIUM] CWE-190 CVE-2021-31807: An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allow An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

CVE-2021-26260 [MEDIUM] CVE-2021-26260: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in v An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.

CVE-2021-33203 [MEDIUM] CWE-22 CVE-2021-33203: Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file

CVE-2021-3564 [MEDIUM] CWE-415 CVE-2021-3564: A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was fou A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.

CVE-2021-23215 [MEDIUM] CWE-400 CVE-2021-23215: An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in v An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.

CVE-2021-30523 [HIGH] CWE-416 CVE-2021-30523: Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potenti Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

CVE-2021-30525 [HIGH] CWE-416 CVE-2021-30525: Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-30521 [HIGH] CWE-787 CVE-2021-30521: Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.