Fedoraproject Fedora vulnerabilities

CVE-2021-28708 [HIGH] CVE-2021-28708: PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text ex PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of in

CVE-2021-28707 [HIGH] CVE-2021-28707: PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text ex PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of in

CVE-2021-28705 [HIGH] CWE-755 CVE-2021-28705: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control

CVE-2021-41270 [MEDIUM] CWE-1236 CVE-2021-41270: Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framewor Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt

CVE-2021-38002 [CRITICAL] CWE-416 CVE-2021-38002: Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2021-38001 [HIGH] CWE-843 CVE-2021-38001: Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37997 [HIGH] CWE-416 CVE-2021-37997: Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convi Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-38003 [HIGH] CWE-755 CVE-2021-38003: Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-37998 [HIGH] CWE-416 CVE-2021-37998: Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacke Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2021-41281 [HIGH] CWE-22 CVE-2021-41281: Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Sy Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chose

CVE-2021-38000 [MEDIUM] CWE-601 CVE-2021-38000: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.

CVE-2021-3672 [MEDIUM] CWE-79 CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned by A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

CVE-2021-37999 [MEDIUM] CWE-79 CVE-2021-37999: Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.

CVE-2021-44143 [CRITICAL] CWE-787 CVE-2021-44143: A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

CVE-2021-3935 [HIGH] CWE-89 CVE-2021-3935: When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject a When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.

CVE-2021-43559 [HIGH] CWE-352 CVE-2021-43559: A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

CVE-2021-43560 [MEDIUM] CWE-863 CVE-2021-43560: A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

CVE-2021-43558 [MEDIUM] CWE-79 CVE-2021-43558: A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

CVE-2021-28710 [HIGH] CWE-269 CVE-2021-28710: certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translati certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require

CVE-2021-40391 [CRITICAL] CWE-390 CVE-2021-40391: An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.