Fedoraproject

Fedora

5319 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-3404

Exploit
  • EPSS 2.07%
  • Published 04.03.2021 22:15:14
  • Last modified 21.11.2024 06:21:25

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

4.9

CVE-2020-25639

Exploit
  • EPSS 0.13%
  • Published 04.03.2021 22:15:13
  • Last modified 21.11.2024 05:18:18

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

9.8

CVE-2020-28636

  • EPSS 0.69%
  • Published 04.03.2021 20:15:13
  • Last modified 21.11.2024 05:23:04

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to t...

9.8

CVE-2020-35628

  • EPSS 0.52%
  • Published 04.03.2021 20:15:13
  • Last modified 21.11.2024 05:27:44

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious i...

9.8

CVE-2020-28601

  • EPSS 0.53%
  • Published 04.03.2021 20:15:12
  • Last modified 21.11.2024 05:22:59

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious inpu...

6.5

CVE-2021-22877

Exploit
  • EPSS 0.28%
  • Published 03.03.2021 18:15:14
  • Last modified 21.11.2024 05:50:49

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.

4.8

CVE-2021-22878

Exploit
  • EPSS 0.37%
  • Published 03.03.2021 18:15:14
  • Last modified 21.11.2024 05:50:49

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.

7.8

CVE-2021-22883

  • EPSS 91.32%
  • Published 03.03.2021 18:15:14
  • Last modified 21.11.2024 05:50:49

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is con...

7.5

CVE-2021-22884

Exploit
  • EPSS 0.4%
  • Published 03.03.2021 18:15:14
  • Last modified 21.11.2024 05:50:50

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over ne...

6.5

CVE-2020-28591

Exploit
  • EPSS 0.32%
  • Published 03.03.2021 18:15:13
  • Last modified 21.11.2024 05:22:58

An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a m...