Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 96 of 264
CVE-2021-4008 [HIGH] CVSS 7.8 | CWE-119 | v34 v35 | 2021-12-17
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
nvd
CVE-2021-41500 [HIGH] CVSS 7.5 | CWE-697 | v34 | 2021-12-17
Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.
nvd
CVE-2021-4009 [HIGH] CVSS 7.8 | CWE-119 | v34 v35 | 2021-12-17
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
nvd
CVE-2021-4010 [HIGH] CVSS 7.8 | CWE-119 | v34 v35 | 2021-12-17
A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
nvd
CVE-2021-43518 [HIGH] CVSS 7.8 | CWE-120 | v35 v36 | 2021-12-15
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.
nvd
CVE-2021-45078 [HIGH] CVSS 7.8 | v34 v35 | 2021-12-15
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
nvd
CVE-2021-45046 [CRITICAL] CVSS 9.0 | KEV | PoC | v34 v35 | 2021-12-14
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context M
nvd
CVE-2021-4104 [HIGH] CVSS 7.5 | CWE-502 | PoC | v35 | 2021-12-14
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
nvd
CVE-2021-44847 [CRITICAL] CVSS 9.8 | CWE-682 | v34 v35 | 2021-12-13
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
nvd
CVE-2020-16154 [HIGH] CVSS 7.8 | CWE-347 | v35 | 2021-12-13
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
nvd
CVE-2021-43818 [HIGH] CVSS 7.1 | CWE-74 | v34 v35 | 2021-12-13
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch.
nvd
CVE-2021-44228 [CRITICAL] CVSS 10.0 | CWE-20 | KEV | PoC | v34 v35 | 2021-12-10
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2021-4048 [CRITICAL] CVSS 9.1 | CWE-125 | v34 v35 | 2021-12-08
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
nvd
CVE-2021-44420 [HIGH] CVSS 7.3 | v35 | 2021-12-08
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
nvd
CVE-2021-44686 [HIGH] CVSS 7.5 | CWE-400 | v34 | 2021-12-07
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
nvd
CVE-2021-3802 [MEDIUM] CVSS 4.2 | CWE-20 | v34 | 2021-11-29
A vulnerability was found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.
nvd
CVE-2021-44225 [MEDIUM] CVSS 5.4 | v34 v35 | 2021-11-26
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
nvd
CVE-2021-28704 [HIGH] CVSS 8.8 | v34 v35 | 2021-11-24
PoD operations on misaligned GFNs. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of in
nvd
CVE-2021-28706 [HIGH] CVSS 8.6 | CWE-770 | v34 v35 | 2021-11-24
Guests may exceed their designated memory limit. When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence sma
nvd
CVE-2021-28709 [HIGH] CVSS 7.8 | v34 v35 | 2021-11-24
Issues with partially successful P2M updates on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain
nvd