Fedoraproject

Fedora

5319 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-28831

  • EPSS 0.96%
  • Veröffentlicht 19.03.2021 05:15:13
  • Zuletzt bearbeitet 09.05.2025 20:15:36

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

8.6

CVE-2020-25097

  • EPSS 0.58%
  • Veröffentlicht 19.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:17:19

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for cert...

7.5

CVE-2021-28089

  • EPSS 1.69%
  • Veröffentlicht 19.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:59:04

Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.

5.3

CVE-2021-28090

  • EPSS 2.69%
  • Veröffentlicht 19.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:59:04

Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.

6

CVE-2021-3416

  • EPSS 0%
  • Veröffentlicht 18.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:27

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use th...

7.5

CVE-2020-26797

Exploit
  • EPSS 0.66%
  • Veröffentlicht 18.03.2021 20:15:12
  • Zuletzt bearbeitet 21.11.2024 05:20:18

Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.

7.5

CVE-2020-27827

  • EPSS 0.42%
  • Veröffentlicht 18.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:53

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerabilit...

8.8

CVE-2021-28660

  • EPSS 0.27%
  • Veröffentlicht 17.03.2021 15:15:13
  • Zuletzt bearbeitet 21.11.2024 06:00:02

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/sta...

7.5

CVE-2021-27291

Exploit
  • EPSS 2.75%
  • Veröffentlicht 17.03.2021 13:15:15
  • Zuletzt bearbeitet 21.11.2024 05:57:45

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious i...

5.5

CVE-2021-28650

  • EPSS 0.18%
  • Veröffentlicht 17.03.2021 06:15:14
  • Zuletzt bearbeitet 21.11.2024 06:00:01

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. ...