Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV (actively exploited): 84
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2021-28677 | HIGH | CVSS 7.5 | v33 | 2021-06-02
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an
nvd
CVE-2021-28676 | HIGH | CVSS 7.5 | v33 | 2021-06-02 | CWE-835
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
nvd
CVE-2021-32625 | HIGH | CVSS 8.8 | v33, v34 | 2021-06-02
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477. The proble
nvd
CVE-2021-28678 | MEDIUM | CVSS 5.5 | v33 | 2021-06-02 | CWE-345
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
nvd
CVE-2019-12067 | MEDIUM | CVSS 6.5 | v30 | 2021-06-02 | CWE-476
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
nvd
CVE-2020-35503 | MEDIUM | CVSS 6.0 | v33 | 2021-06-02 | CWE-476
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of serv
nvd
CVE-2021-28675 | MEDIUM | CVSS 5.5 | v33 | 2021-06-02 | CWE-252
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
nvd
CVE-2021-3516 | HIGH | CVSS 7.8 | v33, v34 | 2021-06-01 | CWE-416
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
nvd
CVE-2021-23017 | HIGH | CVSS 7.7 | PoC | v33, v34 | 2021-06-01 | CWE-193
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
nvd
CVE-2021-3543 | MEDIUM | CVSS 6.7 | v34 | 2021-06-01 | CWE-416
A null pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that Enclaves VMs force closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
nvd
CVE-2021-20236 | CRITICAL | CVSS 9.8 | v33 | 2021-05-28 | CWE-120
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
nvd
CVE-2021-32642 | CRITICAL | CVSS 9.4 | v33, v34 | 2021-05-28 | CWE-20
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of
nvd
CVE-2021-29505 | HIGH | CVSS 8.8 | PoC | v33, v34, +1 more | 2021-05-28 | CWE-94
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limi
nvd
CVE-2020-25710 | HIGH | CVSS 7.5 | v33 | 2021-05-28 | CWE-617
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-20240 | HIGH | CVSS 8.8 | v33, v34 | 2021-05-28 | CWE-191
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well a
nvd
CVE-2020-35504 | MEDIUM | CVSS 6.0 | v33 | 2021-05-28 | CWE-476
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-20292 | MEDIUM | CVSS 6.7 | v33 | 2021-05-28 | CWE-416
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverag
nvd
CVE-2021-33620 | MEDIUM | CVSS 6.5 | v33, v34 | 2021-05-28 | CWE-20
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
nvd
CVE-2021-20239 | LOW | CVSS 3.3 | v33 | 2021-05-28 | CWE-822
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
nvd
CVE-2021-31535 | CRITICAL | CVSS 9.8 | v33 | 2021-05-27 | CWE-120
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maxim
nvd