Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 0.11%
  • Published 18.05.2021 15:15:07
  • Last modified 21.11.2024 05:14:08

Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.

  • EPSS 0.23%
  • Published 18.05.2021 12:15:08
  • Last modified 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...

  • EPSS 0.26%
  • Published 18.05.2021 12:15:08
  • Last modified 21.11.2024 06:21:46

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system i...

  • EPSS 0.08%
  • Published 17.05.2021 18:15:08
  • Last modified 21.11.2024 06:07:23

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is t...

  • EPSS 0.86%
  • Published 17.05.2021 17:15:08
  • Last modified 21.11.2024 06:21:45

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the COR...

Exploit
  • EPSS 0.09%
  • Published 14.05.2021 23:15:09
  • Last modified 21.11.2024 06:08:09

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

Exploit
  • EPSS 0.38%
  • Published 14.05.2021 21:15:07
  • Last modified 11.04.2025 12:27:55

A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.

Exploit
  • EPSS 1.41%
  • Published 14.05.2021 21:15:07
  • Last modified 21.11.2024 06:21:25

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions be...

  • EPSS 0.11%
  • Published 14.05.2021 20:15:16
  • Last modified 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...

  • EPSS 0.08%
  • Published 14.05.2021 20:15:11
  • Last modified 21.11.2024 05:21:48

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.