Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.08%
  • Published 09.07.2021 11:15:09
  • Last modified 21.11.2024 06:21:58

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privi...

  • EPSS 1.23%
  • Published 09.07.2021 11:15:08
  • Last modified 21.11.2024 06:21:52

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat f...

  • EPSS 0.72%
  • Published 09.07.2021 11:15:08
  • Last modified 21.11.2024 06:21:52

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The...

Exploit
  • EPSS 0.51%
  • Published 08.07.2021 12:15:09
  • Last modified 21.11.2024 05:48:57

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into v...

Exploit
  • EPSS 0.63%
  • Published 07.07.2021 22:15:07
  • Last modified 21.11.2024 05:48:56

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger...

  • EPSS 0.89%
  • Published 06.07.2021 15:15:07
  • Last modified 21.11.2024 06:07:38

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementatio...

  • EPSS 1.17%
  • Published 02.07.2021 19:15:08
  • Last modified 21.11.2024 06:04:10

Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

Warning
  • EPSS 2.33%
  • Published 02.07.2021 19:15:07
  • Last modified 24.10.2025 21:07:05

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • EPSS 0.78%
  • Published 02.07.2021 19:15:07
  • Last modified 21.11.2024 06:04:10

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploit
  • EPSS 0.73%
  • Published 02.07.2021 13:15:07
  • Last modified 21.11.2024 06:12:01

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API...