CVE-2021-36087
- EPSS 0.02%
- Published 01.07.2021 03:15:08
- Last modified 21.11.2024 06:13:07
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
CVE-2021-3630
- EPSS 0.11%
- Published 30.06.2021 14:15:08
- Last modified 21.11.2024 06:22:01
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
CVE-2021-33503
- EPSS 0.86%
- Published 29.06.2021 11:15:07
- Last modified 21.11.2024 06:08:58
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed ...
CVE-2021-33515
- EPSS 3.18%
- Published 28.06.2021 13:15:20
- Last modified 21.11.2024 06:08:59
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
CVE-2020-28200
- EPSS 0.96%
- Published 28.06.2021 13:15:12
- Last modified 21.11.2024 05:22:28
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
CVE-2021-29157
- EPSS 0.11%
- Published 28.06.2021 12:15:08
- Last modified 21.11.2024 06:00:48
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation w...
CVE-2021-32708
- EPSS 7.3%
- Published 24.06.2021 17:15:08
- Last modified 21.11.2024 06:07:34
Flysystem is an open source file storage library for PHP. The whitespace normalisation used in 1.x and 2.x removes any Unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The ...
CVE-2021-0561
- EPSS 0.02%
- Published 22.06.2021 11:15:08
- Last modified 21.11.2024 05:42:55
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ...
CVE-2021-29063
- EPSS 2.35%
- Published 21.06.2021 20:15:09
- Last modified 21.11.2024 06:00:37
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
CVE-2020-18442
- EPSS 0.06%
- Published 18.06.2021 15:15:08
- Last modified 10.07.2025 15:44:54
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".