Fedoraproject Fedora vulnerabilities

CVE-2021-38020 [MEDIUM] CVE-2021-38020: Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2021-38021 [MEDIUM] CVE-2021-38021: Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote att Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVE-2021-4068 [MEDIUM] CWE-116 CVE-2021-4068: Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-38019 [MEDIUM] CWE-670 CVE-2021-38019: Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote atta Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-4054 [MEDIUM] CVE-2021-4054: Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker t Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2021-38022 [MEDIUM] CVE-2021-38022: Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a r Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-4024 [MEDIUM] CWE-200 CVE-2021-4024: A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` A

CVE-2021-38018 [MEDIUM] CVE-2021-38018: Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote a Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2021-38010 [MEDIUM] CVE-2021-38010: Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a rem Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2021-3622 [MEDIUM] CWE-400 CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Win A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

CVE-2021-4059 [MEDIUM] CWE-20 CVE-2021-4059: Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attac Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-38009 [MEDIUM] CWE-203 CVE-2021-38009: Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attack Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2021-44733 [HIGH] CWE-362 CVE-2021-44733: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5. A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

CVE-2021-45290 [HIGH] CWE-617 CVE-2021-45290: A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_un A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.

CVE-2021-45450 [HIGH] CWE-327 CVE-2021-45450: In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

CVE-2021-45451 [HIGH] CWE-327 CVE-2021-45451: In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption wh In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.

CVE-2021-45293 [MEDIUM] CWE-119 CVE-2021-45293: A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereferenc A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.

CVE-2021-44790 [CRITICAL] CWE-787 CVE-2021-44790: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:pars A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2021-44224 [HIGH] CWE-476 CVE-2021-44224: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to

CVE-2021-4011 [HIGH] CWE-119 CVE-2021-4011: A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds a A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.