Fedoraproject

Fedora

5335 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.57%
  • Published 23.08.2021 18:15:12
  • Last modified 23.05.2025 16:48:30

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

Exploit
  • EPSS 0.71%
  • Published 23.08.2021 18:15:12
  • Last modified 23.05.2025 16:50:01

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

Exploit
  • EPSS 0.57%
  • Published 23.08.2021 18:15:12
  • Last modified 23.05.2025 16:49:36

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user...

  • EPSS 0.84%
  • Published 23.08.2021 18:15:10
  • Last modified 23.05.2025 16:52:49

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user ...

  • EPSS 0.72%
  • Published 23.08.2021 05:15:08
  • Last modified 21.11.2024 06:15:52

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

  • EPSS 0.22%
  • Published 22.08.2021 19:15:07
  • Last modified 21.11.2024 06:19:24

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • EPSS 0.16%
  • Published 22.08.2021 19:15:07
  • Last modified 21.11.2024 06:19:24

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

  • EPSS 0.52%
  • Published 22.08.2021 19:15:07
  • Last modified 21.11.2024 06:19:24

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Exploit
  • EPSS 0.4%
  • Published 18.08.2021 19:15:07
  • Last modified 21.11.2024 05:54:34

In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vu...

  • EPSS 0.07%
  • Published 17.08.2021 19:15:08
  • Last modified 21.11.2024 06:18:59

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/...