Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-27823

  • EPSS 0.04%
  • Veröffentlicht 13.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:21:52

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availab...

3.3

CVE-2020-14354

Exploit
  • EPSS 0.19%
  • Veröffentlicht 13.05.2021 14:15:17
  • Zuletzt bearbeitet 21.11.2024 05:03:04

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this v...

5.5

CVE-2020-27824

  • EPSS 0.25%
  • Veröffentlicht 13.05.2021 14:15:17
  • Zuletzt bearbeitet 21.11.2024 05:21:52

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to s...

8.8

CVE-2021-31215

  • EPSS 2.54%
  • Veröffentlicht 13.05.2021 06:15:07
  • Zuletzt bearbeitet 21.11.2024 06:05:18

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

4.6

CVE-2021-23134

  • EPSS 0.03%
  • Veröffentlicht 12.05.2021 23:15:07
  • Zuletzt bearbeitet 21.11.2024 05:51:16

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

7.5

CVE-2020-27840

  • EPSS 17.99%
  • Veröffentlicht 12.05.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 05:21:54

A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from...

7.5

CVE-2021-20277

  • EPSS 14.91%
  • Veröffentlicht 12.05.2021 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:46:16

A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is...

7.8

CVE-2021-32606

  • EPSS 0.12%
  • Veröffentlicht 11.05.2021 23:15:09
  • Zuletzt bearbeitet 21.11.2024 06:07:21

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

5.8

CVE-2021-3504

  • EPSS 0.15%
  • Veröffentlicht 11.05.2021 23:15:09
  • Zuletzt bearbeitet 21.11.2024 06:21:42

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memor...

4.6

CVE-2021-31204

  • EPSS 8.69%
  • Veröffentlicht 11.05.2021 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:05:17

.NET and Visual Studio Elevation of Privilege Vulnerability