CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject » Fedora » 33 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44026 89 Sql 2021-11-19 2021-12-16
7.5
None Remote Low Not required Partial Partial Partial
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
2 CVE-2021-44025 79 XSS 2021-11-19 2021-12-16
4.3
None Remote Medium Not required None Partial None
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
3 CVE-2021-43056 2021-10-28 2021-11-28
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
4 CVE-2021-42782 787 Overflow 2022-04-18 2022-04-25
5.0
None Remote Low Not required None None Partial
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
5 CVE-2021-42781 787 Overflow 2022-04-18 2022-04-25
5.0
None Remote Low Not required None None Partial
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
6 CVE-2021-42780 252 2022-04-18 2022-04-25
5.0
None Remote Low Not required None None Partial
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
7 CVE-2021-42779 416 2022-04-18 2022-04-28
5.0
None Remote Low Not required None None Partial
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
8 CVE-2021-42778 672 2022-04-18 2022-04-28
5.0
None Remote Low Not required None None Partial
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
9 CVE-2021-42762 Bypass 2021-10-20 2021-11-26
4.6
None Local Low Not required Partial Partial Partial
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
10 CVE-2021-42739 787 Overflow 2021-10-20 2022-04-06
4.6
None Local Low Not required Partial Partial Partial
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
11 CVE-2021-42716 120 Overflow 2021-10-21 2022-05-13
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
12 CVE-2021-42715 835 DoS 2021-10-21 2022-05-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
13 CVE-2021-42574 94 2021-11-01 2022-05-12
5.1
None Remote High Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.
14 CVE-2021-42386 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
15 CVE-2021-42385 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
16 CVE-2021-42384 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
17 CVE-2021-42383 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
18 CVE-2021-42382 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
19 CVE-2021-42381 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
20 CVE-2021-42380 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
21 CVE-2021-42379 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
22 CVE-2021-42378 416 DoS Exec Code 2021-11-15 2022-01-04
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
23 CVE-2021-42377 763 DoS Exec Code 2021-11-15 2022-03-31
6.8
None Remote Medium Not required Partial Partial Partial
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
24 CVE-2021-42376 476 DoS 2021-11-15 2022-03-31
1.9
None Local Medium Not required None None Partial
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
25 CVE-2021-42375 DoS 2021-11-15 2022-03-31
1.9
None Local Medium Not required None None Partial
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
26 CVE-2021-42374 125 DoS +Info 2021-11-15 2022-03-31
3.3
None Local Medium Not required Partial None Partial
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
27 CVE-2021-42373 476 DoS 2021-11-15 2022-03-31
2.1
None Local Low Not required None None Partial
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
28 CVE-2021-41991 190 Exec Code Overflow 2021-10-18 2022-04-12
5.0
None Remote Low Not required None None Partial
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
29 CVE-2021-41990 190 Exec Code Overflow 2021-10-18 2022-04-12
5.0
None Remote Low Not required None None Partial
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
30 CVE-2021-41864 190 Overflow 2021-10-02 2022-03-25
4.6
None Local Low Not required Partial Partial Partial
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
31 CVE-2021-41800 770 DoS 2021-10-11 2021-11-28
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
32 CVE-2021-41799 770 DoS 2021-10-11 2021-11-26
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
33 CVE-2021-41798 79 XSS 2021-10-11 2021-11-26
4.3
None Remote Medium Not required None Partial None
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
34 CVE-2021-41617 269 2021-09-26 2022-04-20
4.4
None Local Medium Not required Partial Partial Partial
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
35 CVE-2021-41184 79 Exec Code XSS 2021-10-26 2022-04-20
4.3
None Remote Medium Not required None Partial None
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
36 CVE-2021-41183 79 Exec Code XSS 2021-10-26 2022-04-20
4.3
None Remote Medium Not required None Partial None
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.
37 CVE-2021-41182 79 Exec Code XSS 2021-10-26 2022-04-20
4.3
None Remote Medium Not required None Partial None
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
38 CVE-2021-41160 787 2021-10-21 2021-11-29
6.8
None Remote Medium Not required Partial Partial Partial
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
39 CVE-2021-41133 20 2021-10-08 2021-12-04
4.6
None Local Low Not required Partial Partial Partial
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.
40 CVE-2021-41099 190 DoS Exec Code Overflow 2021-10-04 2022-04-20
6.0
None Remote Medium ??? Partial Partial Partial
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
41 CVE-2021-41073 269 +Priv 2021-09-19 2022-06-05
7.2
None Local Low Not required Complete Complete Complete
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
42 CVE-2021-40530 327 2021-09-06 2021-10-18
2.6
None Remote High Not required Partial None None
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
43 CVE-2021-40490 362 2021-09-03 2022-04-05
4.4
None Local Medium Not required Partial Partial Partial
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
44 CVE-2021-40346 190 Overflow Bypass 2021-09-08 2021-12-02
5.0
None Remote Low Not required None Partial None
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
45 CVE-2021-40153 22 Dir. Trav. 2021-08-27 2021-10-07
5.8
None Remote Medium Not required None Partial Partial
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
46 CVE-2021-39360 295 2021-08-22 2021-11-28
4.3
None Remote Medium Not required Partial None None
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
47 CVE-2021-39358 295 2021-08-22 2021-11-28
4.3
None Remote Medium Not required Partial None None
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
48 CVE-2021-39272 326 2021-08-30 2021-12-16
4.3
None Remote Medium Not required Partial None None
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
49 CVE-2021-39254 190 Overflow 2021-09-07 2021-11-30
6.9
None Local Medium Not required Complete Complete Complete
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.
50 CVE-2021-39253 125 2021-09-07 2021-11-29
6.9
None Local Medium Not required Complete Complete Complete
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
Total number of vulnerabilities : 1145   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.