Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-31542

  • EPSS 5.19%
  • Veröffentlicht 05.05.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:05:52

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.

6.8

CVE-2021-20254

  • EPSS 0.65%
  • Veröffentlicht 05.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 05:46:13

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negativ...

9.8

CVE-2021-31800

  • EPSS 39.21%
  • Veröffentlicht 05.05.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:06:15

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to...

3.3

CVE-2021-25317

  • EPSS 0.1%
  • Veröffentlicht 05.05.2021 10:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:44

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp use...

8.8

CVE-2021-29477

  • EPSS 3.52%
  • Veröffentlicht 04.05.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:13

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and po...

8.8

CVE-2021-29478

  • EPSS 2.49%
  • Veröffentlicht 04.05.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:13

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code ex...

8.8

CVE-2021-21227

  • EPSS 3.18%
  • Veröffentlicht 30.04.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:47:49

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.3

CVE-2021-21228

  • EPSS 0.65%
  • Veröffentlicht 30.04.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:47:49

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.

6.5

CVE-2021-21229

  • EPSS 0.86%
  • Veröffentlicht 30.04.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:47:49

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

8.8

CVE-2021-21230

  • EPSS 3.61%
  • Veröffentlicht 30.04.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:47:49

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.