Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 133 of 264
CVE-2020-29623 LOW CVSS 3.3 v32 v33 2021-04-02
CVE-2020-29623 [LOW]: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.
nvd
CVE-2021-29421 HIGH CVSS 7.5 v32 v33 2021-04-01
CVE-2021-29421 [HIGH] CWE-611: models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
nvd
CVE-2021-3447 MEDIUM CVSS 5.5 v32 v33 +1 more 2021-04-01
CVE-2021-3447 [MEDIUM] CWE-532: A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal th
nvd
CVE-2021-22876 MEDIUM CVSS 5.3 v32 v33 +1 more 2021-04-01
CVE-2021-22876 [MEDIUM] CWE-359: curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leak
nvd
CVE-2021-20291 MEDIUM CVSS 6.5 v33 v34 2021-04-01
CVE-2021-20291 [MEDIUM] CWE-667: A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which neve
nvd
CVE-2021-22890 LOW CVSS 3.7 v32 v33 +1 more 2021-04-01
CVE-2021-22890 [LOW] CWE-300: curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the ho
nvd
CVE-2021-28163 LOW CVSS 2.7 v32 v33 +1 more 2021-04-01
CVE-2021-28163 [LOW] CWE-200: In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
nvd
CVE-2021-29648 MEDIUM CVSS 5.5 v32 v33 +1 more 2021-03-30
CVE-2021-29648 [MEDIUM] CWE-307: An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/ver
nvd
CVE-2021-29647 MEDIUM CVSS 5.5 v32 v33 +1 more 2021-03-30
CVE-2021-29647 [MEDIUM] CWE-909: An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
nvd
CVE-2021-29646 MEDIUM CVSS 5.5 v32 v33 +1 more 2021-03-30
CVE-2021-29646 [MEDIUM]: An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.
nvd
CVE-2021-29649 MEDIUM CVSS 5.5 v32 v33 +1 more 2021-03-30
CVE-2021-29649 [MEDIUM] CWE-401: An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.
nvd
CVE-2021-29650 MEDIUM CVSS 5.5 v32 v33 +1 more 2021-03-30
CVE-2021-29650 [MEDIUM]: An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
nvd
CVE-2021-23358 HIGH CVSS 7.2 v33 v34 2021-03-29
CVE-2021-23358 [HIGH] CWE-94: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
nvd
CVE-2021-21332 HIGH CVSS 8.2 v34 2021-03-26
CVE-2021-21332 [HIGH] CWE-79: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that S
nvd
CVE-2021-20271 HIGH CVSS 7.0 v32 v33 +1 more 2021-03-26
CVE-2021-20271 [HIGH] CWE-345: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality,
nvd
CVE-2021-21333 MEDIUM CVSS 6.1 v34 2021-03-26
CVE-2021-21333 [MEDIUM] CWE-74: Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification fo
nvd
CVE-2021-3466 CRITICAL CVSS 9.8 v32 v33 +1 more 2021-03-25
CVE-2021-3466 [CRITICAL] CWE-120: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.
nvd
CVE-2020-1946 CRITICAL CVSS 9.8 v32 v33 +1 more 2021-03-25
CVE-2020-1946 [CRITICAL] CWE-78: In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
nvd
CVE-2021-3450 HIGH CVSS 7.4 v34 2021-03-25
CVE-2021-3450 [HIGH] CWE-295: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation
nvd
CVE-2021-3443 MEDIUM CVSS 5.5 v33 2021-03-25
CVE-2021-3443 [MEDIUM] CWE-476: A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
nvd