Fedoraproject

Fedora

5357 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.85%
  • Veröffentlicht 20.07.2021 07:15:07
  • Zuletzt bearbeitet 03.11.2025 22:15:49

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

  • EPSS 1.61%
  • Veröffentlicht 19.07.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:41

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem...

Exploit
  • EPSS 3.62%
  • Veröffentlicht 16.07.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:39

fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action ma...

  • EPSS 6.98%
  • Veröffentlicht 15.07.2021 14:15:19
  • Zuletzt bearbeitet 21.11.2024 06:10:40

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

  • EPSS 1.6%
  • Veröffentlicht 14.07.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:59

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x be...

  • EPSS 1.36%
  • Veröffentlicht 14.07.2021 13:15:08
  • Zuletzt bearbeitet 03.11.2025 20:15:45

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software runni...

  • EPSS 3.16%
  • Veröffentlicht 13.07.2021 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:10:39

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

  • EPSS 1.51%
  • Veröffentlicht 12.07.2021 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:07:33

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share to...

  • EPSS 1.7%
  • Veröffentlicht 12.07.2021 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:07:34

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share t...

  • EPSS 0.36%
  • Veröffentlicht 12.07.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:31

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event...