Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-28957

Exploit
  • EPSS 0.5%
  • Veröffentlicht 21.03.2021 05:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:26

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A rem...

6

CVE-2020-27171

  • EPSS 0.16%
  • Veröffentlicht 20.03.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spect...

4.7

CVE-2020-27170

  • EPSS 0.16%
  • Veröffentlicht 20.03.2021 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:20:48

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information fr...

7.8

CVE-2021-28952

  • EPSS 0.24%
  • Veröffentlicht 20.03.2021 21:15:11
  • Zuletzt bearbeitet 21.11.2024 06:00:25

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

5.5

CVE-2021-28950

  • EPSS 0.07%
  • Veröffentlicht 20.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:25

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

5.5

CVE-2021-28951

  • EPSS 0.06%
  • Veröffentlicht 20.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:25

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal ...

9.8

CVE-2019-10196

  • EPSS 0.36%
  • Veröffentlicht 19.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:18:37

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available ...

5.5

CVE-2021-27807

  • EPSS 0.54%
  • Veröffentlicht 19.03.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:58:36

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

5.5

CVE-2021-27906

  • EPSS 0.54%
  • Veröffentlicht 19.03.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:58:45

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.

9.8

CVE-2021-28834

Exploit
  • EPSS 2.65%
  • Veröffentlicht 19.03.2021 07:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:17

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.