Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-43558

  • EPSS 0.45%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

8.8

CVE-2021-43559

  • EPSS 0.17%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

5.3

CVE-2021-43560

  • EPSS 0.24%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

8.1

CVE-2021-3935

  • EPSS 0.14%
  • Veröffentlicht 22.11.2021 16:15:07
  • Zuletzt bearbeitet 03.11.2025 20:15:50

When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBounc...

8.8

CVE-2021-28710

  • EPSS 0.04%
  • Veröffentlicht 21.11.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:00:11

certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and I...

8.8

CVE-2021-21898

Exploit
  • EPSS 0.21%
  • Veröffentlicht 19.11.2021 20:15:17
  • Zuletzt bearbeitet 21.11.2024 05:49:12

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigge...

8.8

CVE-2021-21899

Exploit
  • EPSS 0.44%
  • Veröffentlicht 19.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:12

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigg...

8.8

CVE-2021-21900

Exploit
  • EPSS 0.28%
  • Veröffentlicht 19.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:12

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigge...

9.8

CVE-2021-40391

Exploit
  • EPSS 0.47%
  • Veröffentlicht 19.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:24:01

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An a...

7.5

CVE-2021-39921

Exploit
  • EPSS 1.34%
  • Veröffentlicht 19.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:20:34

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file