Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-21161

Exploit
  • EPSS 1.1%
  • Veröffentlicht 09.03.2021 18:15:15
  • Zuletzt bearbeitet 21.11.2024 05:47:41

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8

CVE-2021-21162

Exploit
  • EPSS 1.44%
  • Veröffentlicht 09.03.2021 18:15:15
  • Zuletzt bearbeitet 21.11.2024 05:47:41

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

4.9

CVE-2021-23351

  • EPSS 1.35%
  • Veröffentlicht 08.03.2021 05:15:12
  • Zuletzt bearbeitet 21.11.2024 05:51:33

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it fi...

7.1

CVE-2021-28041

  • EPSS 0.3%
  • Veröffentlicht 05.03.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 05:59:01

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

9.8

CVE-2021-3420

  • EPSS 0.23%
  • Veröffentlicht 05.03.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:27

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buf...

7.8

CVE-2021-3403

Exploit
  • EPSS 0.89%
  • Veröffentlicht 04.03.2021 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:25

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

7.8

CVE-2021-3404

Exploit
  • EPSS 2.07%
  • Veröffentlicht 04.03.2021 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:25

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

4.9

CVE-2020-25639

Exploit
  • EPSS 0.13%
  • Veröffentlicht 04.03.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:18:18

A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.

9.8

CVE-2020-28636

  • EPSS 0.91%
  • Veröffentlicht 04.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:23:04

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to t...

9.8

CVE-2020-35628

  • EPSS 0.69%
  • Veröffentlicht 04.03.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:27:44

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious i...