Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | ||||
| CVE-2021-34555 | 2 Fedoraproject, Trusteddomain | 2 Fedora, Opendmarc | 2024-11-21 | 7.5 High |
| OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. | ||||
| CVE-2021-34552 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Pillow and 2 more | 2024-11-21 | 9.8 Critical |
| Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | ||||
| CVE-2021-34551 | 3 Fedoraproject, Microsoft, Phpmailer Project | 3 Fedora, Windows, Phpmailer | 2024-11-21 | 8.1 High |
| PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | ||||
| CVE-2021-34434 | 2 Eclipse, Fedoraproject | 2 Mosquitto, Fedora | 2024-11-21 | 5.3 Medium |
| In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | ||||
| CVE-2021-34363 | 2 Fedoraproject, The Fuck Project | 2 Fedora, The Fuck | 2024-11-21 | 9.1 Critical |
| The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | ||||
| CVE-2021-34342 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. | ||||
| CVE-2021-34341 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-34340 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-34339 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-34338 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-34335 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-11-21 | 4.7 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5. | ||||
| CVE-2021-34334 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-11-21 | 5.5 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | ||||
| CVE-2021-33910 | 5 Debian, Fedoraproject, Netapp and 2 more | 8 Debian Linux, Fedora, Hci Management Node and 5 more | 2024-11-21 | 5.5 Medium |
| basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | ||||
| CVE-2021-33909 | 7 Debian, Fedoraproject, Linux and 4 more | 16 Debian Linux, Fedora, Linux Kernel and 13 more | 2024-11-21 | 7.8 High |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | ||||
| CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-11-21 | 5.3 Medium |
| Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | ||||
| CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | ||||
| CVE-2021-33813 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Solr, Tika, Debian Linux and 7 more | 2024-11-21 | 7.5 High |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2021-33646 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-11-21 | 7.5 High |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | ||||
| CVE-2021-33645 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-11-21 | 7.5 High |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | ||||