Fedoraproject Fedora vulnerabilities

CVE-2021-21216 [MEDIUM] CWE-290 CVE-2021-21216: Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote att Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.

CVE-2021-21222 [MEDIUM] CWE-787 CVE-2021-21222: Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2021-21209 [MEDIUM] CWE-346 CVE-2021-21209: Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote atta Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-21212 [MEDIUM] CVE-2021-21212: Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowe Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.

CVE-2021-21211 [MEDIUM] CWE-346 CVE-2021-21211: Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a r Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-21217 [MEDIUM] CWE-252 CVE-2021-21217: Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obt Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

CVE-2021-29473 [LOW] CWE-125 CVE-2021-29473: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered w

CVE-2021-22204 [HIGH] CWE-94 CVE-2021-22204: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

CVE-2021-31607 [HIGH] CWE-78 CVE-2021-31607: In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper mod In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

CVE-2021-22207 [MEDIUM] CWE-770 CVE-2021-22207: Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 all Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

CVE-2021-29470 [MEDIUM] CWE-125 CVE-2021-29470: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the me Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability t

CVE-2021-23133 [HIGH] CWE-362 CVE-2021-23133: A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This c

CVE-2021-0232 [HIGH] CWE-284 CVE-2021-0232: An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Cent An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect

CVE-2021-2163 [MEDIUM] CVE-2021-2163: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated atta

CVE-2021-2166 [MEDIUM] CVE-2021-2166: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth

CVE-2021-2193 [MEDIUM] CVE-2021-2193: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t

CVE-2021-2196 [MEDIUM] CVE-2021-2196: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cau

CVE-2021-2179 [MEDIUM] CVE-2021-2179: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability

CVE-2021-2161 [MEDIUM] CVE-2021-2161: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated atta

CVE-2021-2170 [MEDIUM] CVE-2021-2170: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t