Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 15.78%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:30

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk he...

  • EPSS 3.84%
  • Veröffentlicht 04.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:31

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code exec...

  • EPSS 0.48%
  • Veröffentlicht 04.10.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:25:28

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise u...

  • EPSS 0.38%
  • Veröffentlicht 02.10.2021 00:15:07
  • Zuletzt bearbeitet 21.11.2024 06:26:55

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.

Exploit
  • EPSS 4.22%
  • Veröffentlicht 29.09.2021 20:15:08
  • Zuletzt bearbeitet 16.04.2026 15:16:44

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This ...

Exploit
  • EPSS 2.8%
  • Veröffentlicht 29.09.2021 20:15:08
  • Zuletzt bearbeitet 16.04.2026 15:16:44

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not ...

  • EPSS 2.37%
  • Veröffentlicht 26.09.2021 19:15:07
  • Zuletzt bearbeitet 14.07.2026 12:16:47

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsC...

Exploit
  • EPSS 6.22%
  • Veröffentlicht 23.09.2021 13:15:08
  • Zuletzt bearbeitet 09.06.2025 15:15:25

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.

  • EPSS 1.86%
  • Veröffentlicht 20.09.2021 18:15:11
  • Zuletzt bearbeitet 21.11.2024 06:07:51

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1.

  • EPSS 1.72%
  • Veröffentlicht 19.09.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:23

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.