CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2021-23240 59 +Priv 2021-01-12 2021-09-13
4.4
None Local Medium Not required Partial Partial Partial
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
152 CVE-2021-23215 400 Overflow 2021-06-08 2021-12-01
4.3
None Remote Medium Not required None None Partial
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
153 CVE-2021-23134 416 2021-05-12 2021-09-07
4.6
None Local Low Not required Partial Partial Partial
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
154 CVE-2021-22947 345 2021-09-29 2021-11-28
4.3
None Remote Medium Not required None Partial None
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
155 CVE-2021-22924 706 2021-08-05 2021-12-10
4.3
None Remote Medium Not required Partial None None
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.
156 CVE-2021-22922 354 2021-08-05 2021-12-10
4.3
None Remote Medium Not required None Partial None
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.
157 CVE-2021-22890 290 2021-04-01 2021-07-20
4.3
None Remote Medium Not required None Partial None
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.
158 CVE-2021-22543 119 Overflow Bypass 2021-05-26 2021-12-17
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
159 CVE-2021-22004 287 2021-09-08 2021-12-02
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.
160 CVE-2021-21394 20 2021-04-12 2021-11-23
4.0
None Remote Low ??? None None Partial
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.
161 CVE-2021-21393 20 2021-04-12 2021-11-23
4.3
None Remote Medium Not required None None Partial
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.
162 CVE-2021-21392 601 2021-04-12 2021-11-23
4.9
None Remote Medium ??? Partial Partial None
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.
163 CVE-2021-21367 863 2021-03-12 2021-03-23
4.3
None Local Network Medium Not required Partial Partial None
Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it's possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc...) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI).
164 CVE-2021-21334 668 2021-03-10 2021-05-26
4.3
None Remote Medium Not required Partial None None
In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
165 CVE-2021-21332 79 XSS CSRF 2021-03-26 2021-11-23
4.3
None Remote Medium Not required None Partial None
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.
166 CVE-2021-21274 400 DoS 2021-02-26 2021-11-23
4.3
None Remote Medium Not required None None Partial
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.
167 CVE-2021-21229 346 2021-04-30 2021-06-01
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
168 CVE-2021-21228 863 Bypass 2021-04-30 2021-06-01
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
169 CVE-2021-21222 787 Overflow Bypass 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
170 CVE-2021-21221 20 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
171 CVE-2021-21219 200 +Info 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
172 CVE-2021-21218 908 +Info 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
173 CVE-2021-21217 200 +Info 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
174 CVE-2021-21216 290 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
175 CVE-2021-21215 290 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
176 CVE-2021-21212 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP.
177 CVE-2021-21211 346 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
178 CVE-2021-21210 668 2021-04-26 2021-06-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
179 CVE-2021-21209 346 2021-04-26 2021-06-01
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
180 CVE-2021-21208 20 2021-04-26 2021-06-03
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
181 CVE-2021-21198 125 2021-04-09 2021-06-07
4.3
None Remote Medium Not required Partial None None
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
182 CVE-2021-21189 287 Bypass 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
183 CVE-2021-21187 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
184 CVE-2021-21186 863 Bypass 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code.
185 CVE-2021-21185 +Info 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.
186 CVE-2021-21184 346 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
187 CVE-2021-21183 346 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
188 CVE-2021-21182 863 Bypass 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.
189 CVE-2021-21181 203 +Info 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
190 CVE-2021-21178 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
191 CVE-2021-21177 287 +Info 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
192 CVE-2021-21176 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
193 CVE-2021-21175 346 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
194 CVE-2021-21173 203 +Info 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
195 CVE-2021-21171 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
196 CVE-2021-21170 2021-03-09 2021-12-03
4.3
None Remote Medium Not required None Partial None
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
197 CVE-2021-21168 +Info 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
198 CVE-2021-21164 346 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
199 CVE-2021-21163 346 2021-03-09 2021-12-03
4.3
None Remote Medium Not required Partial None None
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
200 CVE-2021-21147 2021-02-09 2021-05-01
4.3
None Remote Medium Not required None Partial None
Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Total number of vulnerabilities : 702   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.