Fedora Project

Products by Fedora Project Sorted by Most Security Vulnerabilities since 2018

Fedora Project Fedora - 1190 vulnerabilities

Fedora Project Sssd - 4 vulnerabilities

Fedora Project Fedora Core - 2 vulnerabilities

By the Year

In 2021 there have been 269 vulnerabilities in Fedora Project with an average score of 7.0 out of ten. Last year Fedora Project had 385 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Fedora Project in 2021 could surpass last year's number. The average CVE base score of the vulnerabilities in 2021 is also greater by 0.06.

Year Vulnerabilities Average Score
2021 269 7.00
2020 385 6.95
2019 328 7.25
2018 62 7.05

It may take a day or so for new Fedora Project vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Fedora Project Security Vulnerabilities

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements

CVE-2021-29154 7.8 - High - April 08, 2021

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.

Command Injection

An issue was discovered in the Linux kernel through 5.11.11

CVE-2021-30178 5.5 - Medium - April 07, 2021

An issue was discovered in the Linux kernel through 5.11.11. synic_get in arch/x86/kvm/hyperv.c has a NULL pointer dereference for certain accesses to the SynIC Hyper-V context, aka CID-919f4ebc5987.

NULL Pointer Dereference

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control

CVE-2021-29424 7.5 - High - April 06, 2021

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

AuthZ

A memory corruption issue was addressed with improved validation

CVE-2021-1844 8.8 - High - April 02, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Buffer Overflow

A logic issue was addressed with improved restrictions

CVE-2021-1871 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

A port redirection issue was addressed with additional port validation

CVE-2021-1799 6.5 - Medium - April 02, 2021

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

This issue was addressed with improved iframe sandbox enforcement

CVE-2021-1801 6.5 - Medium - April 02, 2021

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

"Clear History and Website Data" did not clear the history

CVE-2020-29623 3.3 - Low - April 02, 2021

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.

This issue was addressed with improved iframe sandbox enforcement

CVE-2021-1765 6.5 - Medium - April 02, 2021

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

A use after free issue was addressed with improved memory management

CVE-2021-1788 8.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A type confusion issue was addressed with improved state handling

CVE-2021-1789 8.8 - High - April 02, 2021

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header

CVE-2021-22876 5.3 - Medium - April 01, 2021

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Information Disclosure

curl 7.63.0 to and including 7.75.0 includes a vulnerability

CVE-2021-22890 3.7 - Low - April 01, 2021

curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy with tickets from the remote server and then wrongly "short-cut" the host handshake. By confusing the tickets, an HTTPS proxy can trick libcurl into resuming the wrong session ticket for the host, thereby circumventing the server TLS certificate check and making an unnoticed MITM attack possible. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work, unless curl has been told to ignore the server certificate check.

Authentication Bypass by Spoofing

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29646 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29647 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29648 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245.

Improper Restriction of Excessive Authentication Attempts

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29649 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.

Memory Leak

An issue was discovered in the Linux kernel before 5.11.11

CVE-2021-29650 5.5 - Medium - March 30, 2021

An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.

A flaw was found in RPM's signature check functionality when reading a package file

CVE-2021-20271 7 - High - March 26, 2021

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Insufficient Verification of Data Authenticity

A flaw was found in Privoxy in versions before 3.0.29

CVE-2020-35502 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20210 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20211 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20212 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20213 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.

NULL Pointer Dereference

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20214 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.29

CVE-2021-20215 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

Memory Leak

A flaw was found in Privoxy in versions before 3.0.31

CVE-2021-20216 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.

Resource Exhaustion

A flaw was found in Privoxy in versions before 3.0.31

CVE-2021-20217 7.5 - High - March 25, 2021

A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.

assertion failure

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder

CVE-2021-3443 5.5 - Medium - March 25, 2021

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

NULL Pointer Dereference

A flaw was found in libtpms in versions before 0.8.2

CVE-2021-3446 5.5 - Medium - March 25, 2021

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Use of a Broken or Risky Cryptographic Algorithm

A flaw was found in libmicrohttpd in versions before 0.9.71

CVE-2021-3466 9.8 - Critical - March 25, 2021

A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Classic Buffer Overflow

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder

CVE-2021-3467 5.5 - Medium - March 25, 2021

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

NULL Pointer Dereference

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain

CVE-2021-3450 7.4 - High - March 25, 2021

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).

Improper Certificate Validation

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective

CVE-2021-3409 5.7 - Medium - March 23, 2021

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

Buffer Overflow

A use-after-free flaw was found in the MegaRAID emulator of QEMU

CVE-2021-3392 3.2 - Low - March 23, 2021

A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests: in the case of an error, mptsas_free_request() does not dequeue the request object 'req' from the pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.

Dangling pointer

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input

CVE-2021-20270 7.5 - High - March 23, 2021

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Infinite Loop

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash

CVE-2021-28971 5.5 - Medium - March 22, 2021

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.

Resource Exhaustion

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace

CVE-2021-28972 6.7 - Medium - March 22, 2021

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.

Classic Buffer Overflow

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8

CVE-2021-28964 4.7 - Medium - March 22, 2021

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

Race Condition

An issue was discovered in the Linux kernel before 5.11.8

CVE-2020-27170 4.7 - Medium - March 20, 2021

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.

Side Channel Attack

An issue was discovered in the Linux kernel before 5.11.8

CVE-2020-27171 6 - Medium - March 20, 2021

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.

off-by-five

An issue was discovered in the Linux kernel through 5.11.8

CVE-2021-28952 7.8 - High - March 20, 2021

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

Classic Buffer Overflow

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8

CVE-2021-28950 5.5 - Medium - March 20, 2021

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

Excessive Iteration

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8

CVE-2021-28951 5.5 - Medium - March 20, 2021

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.

A flaw was found in http-proxy-agent, prior to version 2.1.0

CVE-2019-10196 9.8 - Critical - March 19, 2021

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

Improper Initialization

A carefully crafted PDF file can trigger an infinite loop while loading the file

CVE-2021-27807 5.5 - Medium - March 19, 2021

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Excessive Iteration

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file

CVE-2021-27906 5.5 - Medium - March 19, 2021

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes

CVE-2021-28834 9.8 - Critical - March 19, 2021

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target

CVE-2021-28089 7.5 - High - March 19, 2021

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

Resource Exhaustion

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure

CVE-2021-28090 5.3 - Medium - March 19, 2021

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault

CVE-2021-28831 7.5 - High - March 19, 2021

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Improper Handling of Exceptional Conditions

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0

CVE-2021-3416 6 - Medium - March 18, 2021

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.

Infinite Loop

A flaw was found in multiple versions of OpenvSwitch

CVE-2020-27827 7.5 - High - March 18, 2021

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Resource Exhaustion

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6

CVE-2021-28660 7.8 - High - March 17, 2021

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

Memory Corruption

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software

CVE-2021-28650 5.5 - Medium - March 17, 2021

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.

insecure temporary file

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations

CVE-2021-28543 7.5 - High - March 16, 2021

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both Varnish Cache and varnish-modules. Specifically, an assertion failure or NULL pointer dereference can be triggered in Varnish Cache through the varnish-modules header.append() and header.copy() functions. For some Varnish Configuration Language (VCL) files, this gives remote clients an opportunity to cause a Varnish Cache restart. A restart reduces overall availability and performance due to an increased number of cache misses, and may cause higher load on backend servers.

NULL Pointer Dereference

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2

CVE-2021-20279 5.4 - Medium - March 15, 2021

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

XSS

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2

CVE-2021-20280 5.4 - Medium - March 15, 2021

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

XSS

It was possible for some users without permission to view other users' full names to do so

CVE-2021-20281 5.3 - Medium - March 15, 2021

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Information Disclosure

When creating a user account

CVE-2021-20282 5.3 - Medium - March 15, 2021

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

AuthZ

The web service responsible for fetching other users' enrolled courses did not validate

CVE-2021-20283 4.3 - Medium - March 15, 2021

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

AuthZ

A flaw was found in pki-core

CVE-2021-20179 8.1 - High - March 15, 2021

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

AuthZ

An issue was discovered in the Linux kernel through 5.11.6

CVE-2021-28375 7.8 - High - March 15, 2021

An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.

Improper Privilege Management

Switchboard Bluetooth Plug for elementary OS

CVE-2021-21367 8.1 - High - March 12, 2021

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it's possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc.) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI).

AuthZ

An issue was discovered in GNOME GLib before 2.66.8

CVE-2021-28153 5.3 - Medium - March 11, 2021

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)

insecure temporary file

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux

CVE-2021-21381 8.2 - High - March 11, 2021

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.
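The workaround above is a manual inspection; the scanner below automates it. It is an added example for this page, not Flatpak's own tooling. It parses the `Exec` line of each exported `.desktop` file and flags two things: any argument between `@@`/`@@u` markers that is not a `%f`/`%F`/`%u`/`%U` field code (a literal filename that would be forwarded without the user choosing it), and any argument that merely starts with `@@` (the "reserve the whole `@@` prefix" case from the follow-up commit). The export paths are the ones the advisory names; the assumption that a legitimate export looks like `... --file-forwarding org.example.App @@u %U @@` is mine, and both sample files are constructed.

```python
import glob
import os
import shlex
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Markers flatpak inserts around forwarded-file arguments, and the only things
# that should legitimately appear between them (assumed layout, see lead-in).
MARKERS = {"@@", "@@u"}
FIELD_CODES = {"%f", "%F", "%u", "%U"}

# Where exported .desktop files live (paths named in the advisory).
EXPORT_GLOBS = [
    os.path.expanduser("~/.local/share/flatpak/exports/share/applications/*.desktop"),
    "/var/lib/flatpak/exports/share/applications/*.desktop",
]


@dataclass
class Finding:
    key: str       # section/key the Exec line came from
    literal: str   # the offending argument
    exec_line: str


def parse_desktop(text: str) -> Iterator[Tuple[str, str, str]]:
    """Minimal INI walk: yields (section, key, value) for every key=value line."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()


def scan_exec(value: str) -> List[str]:
    """Return arguments that abuse the @@ file-forwarding markers in an Exec value."""
    try:
        args = shlex.split(value)
    except ValueError:
        return [value]  # unbalanced quoting: treat the whole line as suspicious
    bad, inside = [], False
    for arg in args:
        if arg.lower() in MARKERS:
            inside = not inside            # enter/leave a forwarded span
        elif arg.startswith("@@"):
            bad.append(arg)                # e.g. "@@/etc/passwd@@": reserved prefix abuse
        elif inside and arg not in FIELD_CODES:
            bad.append(arg)                # literal filename inside the span
    return bad


def scan_desktop_text(text: str) -> List[Finding]:
    return [
        Finding(f"{section}/{key}", lit, value)
        for section, key, value in parse_desktop(text)
        if key == "Exec"
        for lit in scan_exec(value)
    ]


def scan_exports(patterns=EXPORT_GLOBS) -> dict:
    """Scan every exported .desktop file on this machine; {path: [Finding, ...]}."""
    report = {}
    for pattern in patterns:
        for path in sorted(glob.glob(pattern)):
            with open(path, encoding="utf-8", errors="replace") as f:
                findings = scan_desktop_text(f.read())
            if findings:
                report[path] = findings
    return report


# Constructed samples (not real exports): a normal forwarding line, and one where a
# malicious publisher smuggled a literal path into the forwarded span.
BENIGN = """[Desktop Entry]
Name=Example Editor
Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=editor --file-forwarding org.example.Editor @@u %U @@
Type=Application
"""

MALICIOUS = """[Desktop Entry]
Name=Example Editor
Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=editor --file-forwarding org.example.Editor @@ /home/user/.ssh/id_ed25519 @@ @@u %U @@
Type=Application
"""

if __name__ == "__main__":
    for path, findings in scan_exports().items():
        for f in findings:
            print(f"{path}: {f.key}: forwarded literal {f.literal!r}")
```

Run it as-is to walk both export directories; a finding means the file forwards a path the user never picked and the app should be removed or re-examined.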

Injection

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client

CVE-2021-21334 6.3 - Medium - March 10, 2021

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have a reduced likelihood of being vulnerable to this issue. This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
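The advisory's exposure conditions (same image, different environment) can be checked against a cluster's pod specs. The script below is an added example for this page, not containerd or Kubernetes project code. It takes the object printed by `kubectl get pods -A -o json`, groups every container (including init containers) by image, and reports images whose users have non-identical `env` sets. It works from the spec, so it is an exposure check rather than a detection of actual leakage; `envFrom` references are expanded by the kubelet and are not visible here, so the result is a lower bound. The pod data is constructed for the demonstration.

```python
import json
from collections import defaultdict
from typing import Dict, List, Tuple


def env_signature(container: dict) -> Tuple[Tuple[str, str], ...]:
    """Order-independent view of a container's env entries.

    Literal values are kept; valueFrom references are kept as their JSON so two
    containers pulling the same Secret key compare equal. envFrom (whole
    ConfigMaps/Secrets) is not in the pod spec, so this undercounts differences.
    """
    pairs = []
    for e in container.get("env") or []:
        if "value" in e:
            pairs.append((e["name"], "value:" + str(e["value"])))
        else:
            pairs.append((e["name"], "ref:" + json.dumps(e.get("valueFrom", {}), sort_keys=True)))
    return tuple(sorted(pairs))


def shared_image_env_conflicts(pod_list: dict) -> Dict[str, List[str]]:
    """Images used by >1 container whose env sets differ; {image: [ns/pod/container, ...]}.

    Input is the object `kubectl get pods -A -o json` prints.
    """
    by_image = defaultdict(list)
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        where = f"{meta.get('namespace', 'default')}/{meta['name']}"
        for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            by_image[c["image"]].append((f"{where}/{c['name']}", env_signature(c)))
    conflicts = {}
    for image, users in by_image.items():
        if len(users) > 1 and len({sig for _, sig in users}) > 1:
            conflicts[image] = sorted(name for name, _ in users)
    return conflicts


def _pod(ns: str, name: str, image: str, env: list) -> dict:
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"containers": [{"name": "app", "image": image, "env": env}]}}


# Constructed sample shaped like `kubectl get pods -A -o json` output: two tenants
# run the same image with different secrets, a third pod reuses the image with an
# identical env, and a fourth uses an unrelated image.
SAMPLE_PODS = {"items": [
    _pod("tenant-a", "web-1", "registry.example/app:1.2",
         [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db-a", "key": "pw"}}}]),
    _pod("tenant-b", "web-1", "registry.example/app:1.2",
         [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db-b", "key": "pw"}}}]),
    _pod("tenant-a", "web-2", "registry.example/app:1.2",
         [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db-a", "key": "pw"}}}]),
    _pod("ops", "cron", "registry.example/tools:7",
         [{"name": "MODE", "value": "batch"}]),
]}


if __name__ == "__main__":
    import sys
    # Usage: kubectl get pods -A -o json > pods.json && python3 this.py pods.json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PODS
    for image, users in shared_image_env_conflicts(data).items():
        print(f"{image}: {', '.join(users)}")
```

Only the `app:1.2` image is reported: `tools:7` has a single user, and the two `tenant-a` pods alone would not differ. Containers listed under one image in different namespaces are the case the advisory calls out, since they typically run under different security contexts.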

Exposure of Resource to Wrong Sphere

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0

CVE-2021-21772 8.1 - High - March 10, 2021

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Dangling pointer

Git is an open-source distributed revision control system

CVE-2021-21300 7.5 - High - March 09, 2021

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS may cause a just-checked-out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaround, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.6.

insecure temporary file

A flaw was found in ImageMagick in MagickCore/visual-effects.c

CVE-2021-20244 5.5 - Medium - March 09, 2021

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Divide By Zero

A flaw was found in ImageMagick in coders/webp.c

CVE-2021-20245 5.5 - Medium - March 09, 2021

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Divide By Zero

A flaw was found in ImageMagick in MagickCore/resample.c

CVE-2021-20246 5.5 - Medium - March 09, 2021

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Divide By Zero

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72

CVE-2021-21159 8.8 - High - March 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72

CVE-2021-21160 8.8 - High - March 09, 2021

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72

CVE-2021-21161 8.8 - High - March 09, 2021

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Memory Corruption

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72

CVE-2021-21162 8.8 - High - March 09, 2021

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72

CVE-2021-21163 6.5 - Medium - March 09, 2021

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.

Origin Validation Error

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72

CVE-2021-21164 6.5 - Medium - March 09, 2021

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Data race in audio in Google Chrome prior to 89.0.4389.72

CVE-2021-21165 8.8 - High - March 09, 2021

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Data race in audio in Google Chrome prior to 89.0.4389.72

CVE-2021-21166 8.8 - High - March 09, 2021

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Buffer Overflow

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72

CVE-2021-21167 8.8 - High - March 09, 2021

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72

CVE-2021-21168 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72

CVE-2021-21169 8.8 - High - March 09, 2021

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Buffer Overflow

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72

CVE-2021-21170 6.5 - Medium - March 09, 2021

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72

CVE-2021-21171 6.5 - Medium - March 09, 2021

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72

CVE-2021-21172 8.1 - High - March 09, 2021

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72

CVE-2021-21173 6.5 - Medium - March 09, 2021

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72

CVE-2021-21174 8.8 - High - March 09, 2021

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72

CVE-2021-21175 6.5 - Medium - March 09, 2021

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72

CVE-2021-21176 6.5 - Medium - March 09, 2021

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72

CVE-2021-21177 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

authentication

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72

CVE-2021-21178 6.5 - Medium - March 09, 2021

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72

CVE-2021-21179 8.8 - High - March 09, 2021

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Use after free in tab search in Google Chrome prior to 89.0.4389.72

CVE-2021-21180 8.8 - High - March 09, 2021

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Dangling pointer

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72

CVE-2021-21181 6.5 - Medium - March 09, 2021

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72

CVE-2021-21182 6.5 - Medium - March 09, 2021

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

AuthZ

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72

CVE-2021-21183 4.3 - Medium - March 09, 2021

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72

CVE-2021-21184 4.3 - Medium - March 09, 2021

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Origin Validation Error

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72

CVE-2021-21185 4.3 - Medium - March 09, 2021

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72

CVE-2021-21186 4.3 - Medium - March 09, 2021

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.

AuthZ

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Icons by Icons8.
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.