Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.04%
  • Published 02.08.2021 05:15:07
  • Last modified 21.11.2024 06:10:40

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory l...

  • EPSS 0.04%
  • Published 02.08.2021 04:15:07
  • Last modified 21.11.2024 06:12:21

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a st...

  • EPSS 0.48%
  • Published 30.07.2021 15:15:09
  • Last modified 21.11.2024 06:15:51

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

  • EPSS 0.26%
  • Published 30.07.2021 14:15:18
  • Last modified 21.11.2024 06:13:39

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE...

  • EPSS 2.96%
  • Published 30.07.2021 14:15:16
  • Last modified 21.11.2024 06:07:22

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

Exploit
  • EPSS 0.44%
  • Published 28.07.2021 08:15:07
  • Last modified 21.11.2024 05:51:40

This affects the package video.js before 7.14.3. The src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code.

Exploit
  • EPSS 0.01%
  • Published 26.07.2021 22:15:08
  • Last modified 21.11.2024 06:15:27

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.

  • EPSS 0.35%
  • Published 26.07.2021 17:15:08
  • Last modified 21.11.2024 06:07:44

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GC...

  • EPSS 0.17%
  • Published 26.07.2021 17:15:08
  • Last modified 21.11.2024 06:07:45

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is a...

Exploit
  • EPSS 0.55%
  • Published 26.07.2021 17:15:07
  • Last modified 21.11.2024 06:05:24

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.