Fedoraproject Fedora vulnerabilities

CVE-2021-29477 [HIGH] CWE-190 CVE-2021-29477: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, a Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An addit

CVE-2021-29478 [HIGH] CWE-190 CVE-2021-29478: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, a Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version

CVE-2021-21232 [HIGH] CWE-416 CVE-2021-21232: Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to pote Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-29464 [HIGH] CWE-122 CVE-2021-29464: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain

CVE-2021-21227 [HIGH] CWE-787 CVE-2021-21227: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21233 [HIGH] CWE-787 CVE-2021-21233: Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote att Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21230 [HIGH] CWE-843 CVE-2021-21230: Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-21231 [HIGH] CWE-787 CVE-2021-21231: Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-29463 [MEDIUM] CWE-125 CVE-2021-29463: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability t

CVE-2021-21229 [MEDIUM] CWE-346 CVE-2021-21229: Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remot Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2021-21228 [MEDIUM] CWE-863 CVE-2021-21228: Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an atta Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

CVE-2021-20266 [MEDIUM] CWE-125 CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

CVE-2021-25215 [HIGH] CWE-617 CVE-2021-25215: In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process wi

CVE-2020-18032 [HIGH] CWE-120 CVE-2020-18032: Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows rem Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.

CVE-2020-36327 [HIGH] CVE-2020-36327: Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based o Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not c

CVE-2020-15225 [MEDIUM] CWE-681 CVE-2020-15225: django-filter is a generic system for filtering Django QuerySets based on user selections. In django django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4

CVE-2021-25214 [MEDIUM] CWE-617 CVE-2021-25214: In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the

CVE-2021-29472 [HIGH] CWE-88 CVE-2021-29472: Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file

CVE-2021-21226 [CRITICAL] CWE-416 CVE-2021-21226: Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who ha Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-21223 [CRITICAL] CWE-190 CVE-2021-21223: Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had co Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.