Filtered by vendor Fedoraproject
Subscribe
Total
5385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34557 | 2 Fedoraproject, Xscreensaver Project | 2 Fedora, Xscreensaver | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. | |||||
| CVE-2021-34556 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | |||||
| CVE-2021-34555 | 2 Fedoraproject, Trusteddomain | 2 Fedora, Opendmarc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. | |||||
| CVE-2021-34552 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | |||||
| CVE-2021-34551 | 3 Fedoraproject, Microsoft, Phpmailer Project | 3 Fedora, Windows, Phpmailer | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | |||||
| CVE-2021-34434 | 2 Eclipse, Fedoraproject | 2 Mosquitto, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | |||||
| CVE-2021-34363 | 2 Fedoraproject, The Fuck Project | 2 Fedora, The Fuck | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | |||||
| CVE-2021-34342 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. | |||||
| CVE-2021-34341 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34340 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34339 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34338 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34335 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5. | |||||
| CVE-2021-34334 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | |||||
| CVE-2021-33909 | 6 Debian, Fedoraproject, Linux and 3 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | |||||
| CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | |||||
| CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | |||||
| CVE-2021-33813 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Solr, Tika, Debian Linux and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2021-33621 | 2 Fedoraproject, Ruby-lang | 3 Fedora, Cgi, Ruby | 2024-11-21 | N/A | 8.8 HIGH |
| The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. | |||||
| CVE-2021-33620 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | |||||