Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2021-23134

  • EPSS 0.03%
  • Published 12.05.2021 23:15:07
  • Last modified 21.11.2024 05:51:16

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

7.5

CVE-2020-27840

  • EPSS 17.99%
  • Published 12.05.2021 15:15:07
  • Last modified 21.11.2024 05:21:54

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from...

7.5

CVE-2021-20277

  • EPSS 14.91%
  • Published 12.05.2021 14:15:11
  • Last modified 21.11.2024 05:46:16

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is...

7.8

CVE-2021-32606

  • EPSS 0.12%
  • Published 11.05.2021 23:15:09
  • Last modified 21.11.2024 06:07:21

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

5.8

CVE-2021-3504

  • EPSS 0.12%
  • Published 11.05.2021 23:15:09
  • Last modified 21.11.2024 06:21:42

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memor...

4.6

CVE-2021-31204

  • EPSS 8.69%
  • Published 11.05.2021 19:15:10
  • Last modified 21.11.2024 06:05:17

.NET and Visual Studio Elevation of Privilege Vulnerability

5.3

CVE-2021-29471

  • EPSS 0.61%
  • Published 11.05.2021 15:15:08
  • Last modified 21.11.2024 06:01:11

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will...

6.1

CVE-2020-13529

Exploit
  • EPSS 0.07%
  • Published 10.05.2021 16:15:07
  • Last modified 21.11.2024 05:01:26

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and...

4.3

CVE-2021-32056

  • EPSS 0.21%
  • Published 10.05.2021 14:15:07
  • Last modified 21.11.2024 06:06:46

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

5.3

CVE-2021-21419

  • EPSS 0.1%
  • Published 07.05.2021 15:15:07
  • Last modified 21.11.2024 05:48:19

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch i...