Fedoraproject

Fedora

5335 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.13%
  • Published 11.05.2021 23:15:09
  • Last modified 21.11.2024 06:21:42

A flaw was found in the hivex library in versions before 1.3.20. It is caused by a lack of bounds checking within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memor...

  • EPSS 8.69%
  • Published 11.05.2021 19:15:10
  • Last modified 21.11.2024 06:05:17

.NET and Visual Studio Elevation of Privilege Vulnerability

  • EPSS 0.61%
  • Published 11.05.2021 15:15:08
  • Last modified 21.11.2024 06:01:11

Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push rules" can specify conditions under which they will...

Exploit
  • EPSS 0.07%
  • Published 10.05.2021 16:15:07
  • Last modified 21.11.2024 05:01:26

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and...

  • EPSS 0.21%
  • Published 10.05.2021 14:15:07
  • Last modified 21.11.2024 06:06:46

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

  • EPSS 0.1%
  • Published 07.05.2021 15:15:07
  • Last modified 21.11.2024 05:48:19

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames. A malicious peer may exhaust memory on the Eventlet side by sending a highly compressed data frame. A patch i...

  • EPSS 0.04%
  • Published 06.05.2021 16:15:07
  • Last modified 21.11.2024 06:06:18

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against ...

  • EPSS 1.5%
  • Published 06.05.2021 16:15:07
  • Last modified 21.11.2024 06:06:46

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, hea...

  • EPSS 1.96%
  • Published 06.05.2021 15:15:07
  • Last modified 21.11.2024 05:46:07

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata...

  • EPSS 0.25%
  • Published 06.05.2021 15:15:07
  • Last modified 21.11.2024 06:03:59

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.