Fedoraproject

Fedora

5353 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.42%
  • Published 18.03.2021 17:15:13
  • Last modified 03.12.2025 19:15:51

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerabilit...

  • EPSS 0.32%
  • Published 17.03.2021 15:15:13
  • Last modified 21.11.2024 06:00:02

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/sta...

Exploit
  • EPSS 2.75%
  • Published 17.03.2021 13:15:15
  • Last modified 21.11.2024 05:57:45

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious i...

  • EPSS 0.18%
  • Published 17.03.2021 06:15:14
  • Last modified 21.11.2024 06:00:01

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. ...

Exploit
  • EPSS 1.46%
  • Published 16.03.2021 15:15:13
  • Last modified 21.11.2024 05:47:44

Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Warning
  • EPSS 14.8%
  • Published 16.03.2021 15:15:13
  • Last modified 24.10.2025 21:00:22

Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • EPSS 0.92%
  • Published 16.03.2021 15:15:13
  • Last modified 21.11.2024 05:59:48

Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations. This does not affect organizations that only install the Varnish Cache product; however, it is common to install both ...

Exploit
  • EPSS 0.99%
  • Published 16.03.2021 15:15:12
  • Last modified 21.11.2024 05:47:44

Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

  • EPSS 0.73%
  • Published 15.03.2021 22:15:13
  • Last modified 21.11.2024 05:46:16

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Exploit
  • EPSS 1.16%
  • Published 15.03.2021 22:15:13
  • Last modified 21.11.2024 05:46:16

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.