CVE-2021-36377
- EPSS 0.11%
- Published 12.07.2021 13:15:08
- Last modified 21.11.2024 06:13:38
Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.
CVE-2021-32678
- EPSS 0.3%
- Published 12.07.2021 13:15:07
- Last modified 21.11.2024 06:07:30
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtect...
CVE-2021-3612
- EPSS 0.08%
- Published 09.07.2021 11:15:09
- Last modified 21.11.2024 06:21:58
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privi...
CVE-2021-3570
- EPSS 1.23%
- Published 09.07.2021 11:15:08
- Last modified 21.11.2024 06:21:52
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat f...
CVE-2021-3571
- EPSS 0.72%
- Published 09.07.2021 11:15:08
- Last modified 21.11.2024 06:21:52
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The...
CVE-2021-21779
- EPSS 0.51%
- Published 08.07.2021 12:15:09
- Last modified 21.11.2024 05:48:57
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into v...
- EPSS 0.63%
- Published 07.07.2021 22:15:07
- Last modified 21.11.2024 05:48:56
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger...
CVE-2021-32740
- EPSS 0.5%
- Published 06.07.2021 15:15:07
- Last modified 21.11.2024 06:07:38
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementatio...
CVE-2021-30557
- EPSS 1.17%
- Published 02.07.2021 19:15:08
- Last modified 21.11.2024 06:04:10
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30554
- EPSS 4.58%
- Published 02.07.2021 19:15:07
- Last modified 24.10.2025 21:07:05
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.