Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2021-3524

  • EPSS 0.58%
  • Veröffentlicht 17.05.2021 17:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:45

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the COR...

7.8

CVE-2021-33034

Exploit
  • EPSS 0.18%
  • Veröffentlicht 14.05.2021 23:15:09
  • Zuletzt bearbeitet 21.11.2024 06:08:09

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

7.1

CVE-2020-24119

Exploit
  • EPSS 0.38%
  • Veröffentlicht 14.05.2021 21:15:07
  • Zuletzt bearbeitet 11.04.2025 12:27:55

A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.

9.1

CVE-2021-3402

Exploit
  • EPSS 1.05%
  • Veröffentlicht 14.05.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:25

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions be...

5.9

CVE-2021-3537

  • EPSS 0.11%
  • Veröffentlicht 14.05.2021 20:15:16
  • Zuletzt bearbeitet 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...

4.3

CVE-2020-27769

  • EPSS 0.05%
  • Veröffentlicht 14.05.2021 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:21:48

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.

5.5

CVE-2021-32613

Exploit
  • EPSS 0.35%
  • Veröffentlicht 14.05.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:22

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.

7.5

CVE-2021-29510

  • EPSS 0.07%
  • Veröffentlicht 13.05.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:01:16

Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100...

4.3

CVE-2021-29623

  • EPSS 0.63%
  • Veröffentlicht 13.05.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:31

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ librar...

5.3

CVE-2021-32917

  • EPSS 2.81%
  • Veröffentlicht 13.05.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:55

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.