Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2021-32617 | MEDIUM | CVSS 5.5 | v33 v34 | 2021-05-17
CWE-400: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentiall
nvd
CVE-2021-3402 | CRITICAL | CVSS 9.1 | v33 v34 | 2021-05-14
CWE-190: An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
nvd
CVE-2021-33034 | HIGH | CVSS 7.8 | v34 | 2021-05-14
CWE-416: In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
nvd
CVE-2020-24119 | HIGH | CVSS 7.1 | v33 v34 | 2021-05-14
CWE-125: A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
nvd
CVE-2021-32613 | MEDIUM | CVSS 5.5 | v33 v34 | 2021-05-14
CWE-416: In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
nvd
CVE-2021-3537 | MEDIUM | CVSS 5.9 | v33 v34 | 2021-05-14
CWE-476: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability
nvd
CVE-2020-27769 | LOW | CVSS 3.3 | v33 | 2021-05-14
CWE-190: In ImageMagick versions before 7.0.9-0, there are values outside the range of representable values of type 'float' at MagickCore/quantize.c.
nvd
CVE-2021-32920 | HIGH | CVSS 7.5 | v32 v33 +1 more | 2021-05-13
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.
nvd
CVE-2021-29510 | HIGH | CVSS 7.5 | v33 v34 | 2021-05-13
CWE-835: Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.
nvd
CVE-2021-32919 | HIGH | CVSS 7.5 | v32 v33 +1 more | 2021-05-13
CWE-295: An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
nvd
CVE-2021-32918 | HIGH | CVSS 7.5 | v32 v33 +1 more | 2021-05-13
CWE-400: An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
nvd
CVE-2021-31215 | HIGH | CVSS 8.8 | v33 v34 | 2021-05-13
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
nvd
CVE-2020-27823 | HIGH | CVSS 7.8 | v32 v33 | 2021-05-13
CWE-20: A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
nvd
CVE-2021-21424 | MEDIUM | CVSS 5.3 | v33 v34 | 2021-05-13
CWE-200: Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user
nvd
CVE-2020-27824 | MEDIUM | CVSS 5.5 | v32 v33 | 2021-05-13
CWE-20: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-32921 | MEDIUM | CVSS 5.9 | v32 v33 +1 more | 2021-05-13
CWE-362: An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker.
nvd
CVE-2020-25713 | MEDIUM | CVSS 6.5 | v32 v33 | 2021-05-13
CWE-20: A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
nvd
CVE-2021-32917 | MEDIUM | CVSS 5.3 | v32 v33 +1 more | 2021-05-13
CWE-862: An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
nvd
CVE-2021-29623 | LOW | CVSS 3.3 | v33 v34 | 2021-05-13
CWE-908: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The read of uninitialized me
nvd
CVE-2020-14354 | LOW | CVSS 3.3 | v33 | 2021-05-13
CWE-120: A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.
nvd