Fedoraproject Fedora vulnerabilities

CVE-2021-3482 [MEDIUM] CWE-20 CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.

CVE-2021-3448 [MEDIUM] CWE-358 CVE-2021-3448: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This

CVE-2021-30184 [HIGH] CWE-120 CVE-2021-30184: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

CVE-2021-30178 [MEDIUM] CWE-476 CVE-2021-30178: An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

CVE-2020-36314 [LOW] CVE-2020-36314: fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other softwa fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

CVE-2021-29424 [HIGH] CWE-704 CVE-2021-29424: The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

CVE-2021-30158 [MEDIUM] CWE-287 CVE-2021-30158: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the toke

CVE-2021-30154 [MEDIUM] CWE-79 CVE-2021-30154: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Spec An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS.

CVE-2021-30157 [MEDIUM] CWE-79 CVE-2021-30157: An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Chan An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

CVE-2021-28658 [MEDIUM] CWE-22 CVE-2021-28658: In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed direct In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.

CVE-2021-20307 [CRITICAL] CWE-134 CVE-2021-20307: Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlie Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.

CVE-2021-20305 [HIGH] CWE-327 CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification fun A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing

CVE-2021-1870 [CRITICAL] CVE-2021-1870: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, S A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2021-1871 [CRITICAL] CVE-2021-1871: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, S A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2021-1788 [HIGH] CWE-416 CVE-2021-1788: A use after free issue was addressed with improved memory management. This issue is fixed in macOS B A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-1844 [HIGH] CWE-787 CVE-2021-1844: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-1789 [HIGH] CWE-843 CVE-2021-1789: A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-1765 [MEDIUM] CVE-2021-1765: This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

CVE-2021-1799 [MEDIUM] CVE-2021-1799: A port redirection issue was addressed with additional port validation. This issue is fixed in macOS A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

CVE-2021-1801 [MEDIUM] CVE-2021-1801: This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.