Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV (actively exploited): 84
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 126 of 264
CVE-2020-27840 | HIGH | CVSS 7.5 | CWE-125 | v32, v33, +1 more | 2021-05-12
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-23134 | HIGH | CVSS 7.8 | CWE-416 | v33, v34 | 2021-05-12
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
nvd
CVE-2021-20277 | HIGH | CVSS 7.5 | CWE-125 | v32, v33, +1 more | 2021-05-12
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-32606 | HIGH | CVSS 7.8 | CWE-416 | v32, v33, +1 more | 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
nvd
CVE-2021-31204 | HIGH | CVSS 7.8 | v32, v33, +1 more | 2021-05-11
.NET and Visual Studio Elevation of Privilege Vulnerability
nvd
CVE-2021-3504 | MEDIUM | CVSS 5.4 | CWE-125 | v34 | 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is
nvd
CVE-2021-29471 | MEDIUM | CVSS 5.3 | CWE-400 | v34 | 2021-05-11
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Ce
nvd
CVE-2021-32056 | MEDIUM | CVSS 4.3 | CWE-732 | v34, v35 | 2021-05-10
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
nvd
CVE-2020-13529 | MEDIUM | CVSS 6.1 | CWE-290 | v33 | 2021-05-10
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.
nvd
CVE-2021-21419 | MEDIUM | CVSS 5.3 | CWE-400 | v33, v34 | 2021-05-07
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory
nvd
CVE-2021-20204 | CRITICAL | CVSS 9.8 | CWE-119 | v33, v34, +1 more | 2021-05-06
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depe
nvd
CVE-2021-30473 | CRITICAL | CVSS 9.8 | CWE-763 | v34 | 2021-05-06
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
nvd
CVE-2021-3501 | HIGH | CVSS 7.1 | CWE-787 | v33 | 2021-05-06
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
nvd
CVE-2021-31829 | MEDIUM | CVSS 5.5 | CWE-863 | v32, v33, +1 more | 2021-05-06
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive
nvd
CVE-2021-32052 | MEDIUM | CVSS 6.1 | CWE-79 | v34 | 2021-05-06
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP h
nvd
CVE-2021-32062 | MEDIUM | CVSS 5.3 | CWE-22 | v33, v34 | 2021-05-06
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
nvd
CVE-2021-31800 | CRITICAL | CVSS 9.8 | CWE-22 | v32, v33, +1 more | 2021-05-05
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
nvd
CVE-2021-31542 | HIGH | CVSS 7.5 | CWE-22 | v34, v35 | 2021-05-05
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
nvd
CVE-2021-20254 | MEDIUM | CVSS 6.8 | CWE-125 | v32, v33 | 2021-05-05
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those v
nvd
CVE-2021-25317 | LOW | CVSS 3.3 | CWE-276 | v32, v33, +1 more | 2021-05-05
An Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affe
nvd