Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-31812

  • EPSS 0.04%
  • Veröffentlicht 12.06.2021 10:15:07
  • Zuletzt bearbeitet 21.11.2024 06:06:16

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.

3.1

CVE-2021-22898

Exploit
  • EPSS 0.13%
  • Veröffentlicht 11.06.2021 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:50:52

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NE...

9.8

CVE-2021-22915

  • EPSS 0.49%
  • Veröffentlicht 11.06.2021 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:50:54

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nex...

4.6

CVE-2021-34557

Exploit
  • EPSS 0.07%
  • Veröffentlicht 10.06.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:10:40

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The ...

7.5

CVE-2021-34555

Exploit
  • EPSS 0.48%
  • Veröffentlicht 10.06.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:10:39

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.

9.1

CVE-2021-34363

  • EPSS 1.13%
  • Veröffentlicht 10.06.2021 11:15:09
  • Zuletzt bearbeitet 21.11.2024 06:10:14

The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

5.3

CVE-2019-17567

  • EPSS 9.56%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 04:32:32

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to p...

7.5

CVE-2020-13950

  • EPSS 17.37%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:02:13

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

7.3

CVE-2020-35452

  • EPSS 14.97%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:27:18

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particula...

7.5

CVE-2021-26690

  • EPSS 71.59%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:56:40

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service