Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2021-3621

  • EPSS 0.29%
  • Veröffentlicht 23.12.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:00

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as...

4.3

CVE-2021-3622

Exploit
  • EPSS 0.45%
  • Veröffentlicht 23.12.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:00

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat f...

6.5

CVE-2021-4024

  • EPSS 0.1%
  • Veröffentlicht 23.12.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 06:36:44

A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses o...

7.8

CVE-2021-45469

Exploit
  • EPSS 0.07%
  • Veröffentlicht 23.12.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 06:32:16

In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.

7.8

CVE-2021-45463

  • EPSS 1.93%
  • Veröffentlicht 23.12.2021 06:15:06
  • Zuletzt bearbeitet 21.11.2024 06:32:15

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. N...

8.8

CVE-2021-4062

  • EPSS 2.44%
  • Veröffentlicht 23.12.2021 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:36:49

Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-4063

  • EPSS 1.87%
  • Veröffentlicht 23.12.2021 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:36:49

Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-4064

  • EPSS 1.33%
  • Veröffentlicht 23.12.2021 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:36:49

Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-4065

  • EPSS 1.6%
  • Veröffentlicht 23.12.2021 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:36:50

Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-4066

  • EPSS 2.64%
  • Veröffentlicht 23.12.2021 01:15:09
  • Zuletzt bearbeitet 21.11.2024 06:36:50

Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.