Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 5046 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29063 2 Fedoraproject, Mpmath 2 Fedora, Mpmath 2023-12-10 5.0 MEDIUM 7.5 HIGH
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
CVE-2021-21229 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2021-34825 2 Fedoraproject, Quassel-irc 2 Fedora, Quassel 2023-12-10 4.3 MEDIUM 7.5 HIGH
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
CVE-2021-21218 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
CVE-2021-25215 6 Debian, Fedoraproject, Isc and 3 more 25 Debian Linux, Fedora, Bind and 22 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
CVE-2021-30522 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30887 3 Apple, Debian, Fedoraproject 7 Ipados, Iphone Os, Macos and 4 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.
CVE-2021-30538 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-21393 2 Fedoraproject, Matrix 2 Fedora, Synapse 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.
CVE-2021-33560 4 Debian, Fedoraproject, Gnupg and 1 more 8 Debian Linux, Fedora, Libgcrypt and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
CVE-2021-34552 3 Debian, Fedoraproject, Python 3 Debian Linux, Fedora, Pillow 2023-12-10 7.5 HIGH 9.8 CRITICAL
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVE-2021-30594 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 4.6 MEDIUM 6.8 MEDIUM
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.
CVE-2020-36430 2 Fedoraproject, Libass Project 2 Fedora, Libass 2023-12-10 6.8 MEDIUM 7.8 HIGH
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
CVE-2021-33574 4 Debian, Fedoraproject, Gnu and 1 more 20 Debian Linux, Fedora, Glibc and 17 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVE-2021-30984 3 Apple, Debian, Fedoraproject 8 Ipados, Iphone Os, Macos and 5 more 2023-12-10 5.1 MEDIUM 7.5 HIGH
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-21332 2 Fedoraproject, Matrix 2 Fedora, Synapse 2023-12-10 4.3 MEDIUM 8.2 HIGH
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.
CVE-2021-31525 2 Fedoraproject, Golang 2 Fedora, Go 2023-12-10 2.6 LOW 5.9 MEDIUM
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
CVE-2021-29646 2 Fedoraproject, Linux 2 Fedora, Linux Kernel 2023-12-10 2.1 LOW 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.
CVE-2021-32056 2 Cyrus, Fedoraproject 2 Imap, Fedora 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
CVE-2021-2178 3 Fedoraproject, Netapp, Oracle 6 Fedora, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).