Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.4%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:41

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered comman...

  • EPSS 3.38%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:41

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under...

  • EPSS 2.54%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:44

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

  • EPSS 2.58%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:45

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

  • EPSS 2.79%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:45

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function

  • EPSS 2.58%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:45

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function

  • EPSS 2.54%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:45

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

Exploit
  • EPSS 2.53%
  • Veröffentlicht 13.11.2021 18:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:31

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers t...

Exploit
  • EPSS 0.94%
  • Veröffentlicht 10.11.2021 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:14:12

A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

Exploit
  • EPSS 1.14%
  • Veröffentlicht 09.11.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:20

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.