Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-39920

Exploit
  • EPSS 0.53%
  • Veröffentlicht 18.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:20:33

NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file

7.5

CVE-2021-39928

Exploit
  • EPSS 1.34%
  • Veröffentlicht 18.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:20:35

NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

9.8

CVE-2021-27023

  • EPSS 0.4%
  • Veröffentlicht 18.11.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 05:57:11

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

6.5

CVE-2021-27025

  • EPSS 0.53%
  • Veröffentlicht 18.11.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 05:57:12

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

5

CVE-2021-41190

  • EPSS 0.34%
  • Veröffentlicht 17.11.2021 20:15:10
  • Zuletzt bearbeitet 21.11.2024 06:25:43

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of docume...

5.4

CVE-2021-41164

  • EPSS 0.08%
  • Veröffentlicht 17.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:25:38

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML by...

6.7

CVE-2021-43975

Exploit
  • EPSS 0.02%
  • Veröffentlicht 17.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:30:07

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

4.6

CVE-2021-43976

  • EPSS 0.04%
  • Veröffentlicht 17.11.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:30:07

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

6.5

CVE-2021-43337

  • EPSS 0.53%
  • Veröffentlicht 17.11.2021 06:15:06
  • Zuletzt bearbeitet 21.11.2024 06:29:06

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to wh...

7.2

CVE-2021-42383

  • EPSS 0.29%
  • Veröffentlicht 15.11.2021 21:15:08
  • Zuletzt bearbeitet 23.04.2025 20:15:34

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function