Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-31812

  • EPSS 0.04%
  • Published 12.06.2021 10:15:07
  • Last modified 21.11.2024 06:06:16

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

3.1

CVE-2021-22898

Exploit
  • EPSS 0.14%
  • Published 11.06.2021 16:15:11
  • Last modified 21.11.2024 05:50:52

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NE...

9.8

CVE-2021-22915

  • EPSS 0.49%
  • Published 11.06.2021 16:15:11
  • Last modified 21.11.2024 05:50:54

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nex...

4.6

CVE-2021-34557

Exploit
  • EPSS 0.07%
  • Published 10.06.2021 16:15:08
  • Last modified 21.11.2024 06:10:40

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The ...

7.5

CVE-2021-34555

Exploit
  • EPSS 0.48%
  • Published 10.06.2021 15:15:09
  • Last modified 21.11.2024 06:10:39

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.

9.1

CVE-2021-34363

  • EPSS 1.13%
  • Published 10.06.2021 11:15:09
  • Last modified 21.11.2024 06:10:14

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

5.3

CVE-2019-17567

  • EPSS 6.96%
  • Published 10.06.2021 07:15:07
  • Last modified 21.11.2024 04:32:32

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to p...

7.5

CVE-2020-13950

  • EPSS 16.69%
  • Published 10.06.2021 07:15:07
  • Last modified 21.11.2024 05:02:13

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

7.3

CVE-2020-35452

  • EPSS 11.72%
  • Published 10.06.2021 07:15:07
  • Last modified 21.11.2024 05:27:18

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particula...

7.5

CVE-2021-26690

  • EPSS 76.56%
  • Published 10.06.2021 07:15:07
  • Last modified 21.11.2024 05:56:40

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service