Fedoraproject

Fedora

5335 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.6

CVE-2020-25647

  • EPSS 0.01%
  • Veröffentlicht 03.03.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:18:19

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory ...

7.2

CVE-2020-27749

  • EPSS 0.03%
  • Veröffentlicht 03.03.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:21:45

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If t...

7.5

CVE-2020-27779

  • EPSS 0.01%
  • Veröffentlicht 03.03.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:21:49

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper ...

7.2

CVE-2021-20225

  • EPSS 0.05%
  • Veröffentlicht 03.03.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:46:09

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from thi...

7.5

CVE-2021-26813

Exploit
  • EPSS 0.48%
  • Veröffentlicht 03.03.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:56:51

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.

7.5

CVE-2021-27921

  • EPSS 0.79%
  • Veröffentlicht 03.03.2021 09:15:14
  • Zuletzt bearbeitet 15.08.2025 05:15:28

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

7.5

CVE-2021-27922

  • EPSS 0.46%
  • Veröffentlicht 03.03.2021 09:15:14
  • Zuletzt bearbeitet 15.08.2025 05:15:29

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

7.5

CVE-2021-27923

  • EPSS 0.79%
  • Veröffentlicht 03.03.2021 09:15:14
  • Zuletzt bearbeitet 15.08.2025 05:15:29

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

4.4

CVE-2021-25284

  • EPSS 0.02%
  • Veröffentlicht 27.02.2021 05:15:14
  • Zuletzt bearbeitet 21.11.2024 05:54:40

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

9.1

CVE-2021-3144

  • EPSS 5.48%
  • Veröffentlicht 27.02.2021 05:15:14
  • Zuletzt bearbeitet 21.11.2024 06:20:58

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)