Filtered by vendor Fedoraproject
Subscribe
Total
5331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46659 | 2 Fedoraproject, Mariadb | 2 Fedora, Mariadb | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | |||||
| CVE-2021-46142 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | |||||
| CVE-2021-46141 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | |||||
| CVE-2021-46022 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||||
| CVE-2021-46021 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||||
| CVE-2021-46019 | 2 Fedoraproject, Gnu | 2 Fedora, Recutils | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | |||||
| CVE-2021-45958 | 3 Debian, Fedoraproject, Ultrajson Project | 3 Debian Linux, Fedora, Ultrajson | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. | |||||
| CVE-2021-45943 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Spatial And Graph and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | |||||
| CVE-2021-45942 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable. | |||||
| CVE-2021-45931 | 2 Fedoraproject, Harfbuzz Project | 2 Fedora, Harfbuzz | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy). | |||||
| CVE-2021-45930 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qtsvg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend (called from QPainterPath::addPath and QPathClipper::intersect). | |||||
| CVE-2021-45848 | 2 Fedoraproject, Nicotine-plus | 2 Fedora, Nicotine\+ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | |||||
| CVE-2021-45474 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | |||||
| CVE-2021-45473 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | |||||
| CVE-2021-45472 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | |||||
| CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | |||||
| CVE-2021-45469 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | |||||
| CVE-2021-45463 | 4 Fedoraproject, Gegl, Gimp and 1 more | 4 Fedora, Gegl, Gimp and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. | |||||
| CVE-2021-45452 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||||
| CVE-2021-45451 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. | |||||