Filtered by vendor Fedoraproject
Subscribe
Total
5331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | |||||
| CVE-2021-27923 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27922 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27919 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | |||||
| CVE-2021-27906 | 3 Apache, Fedoraproject, Oracle | 19 Pdfbox, Fedora, Banking Corporate Lending Process Management and 16 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | |||||
| CVE-2021-27836 | 2 Fedoraproject, Libxls Project | 2 Fedora, Libxls | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. | |||||
| CVE-2021-27815 | 2 Fedoraproject, Libexif Project | 2 Fedora, Exif | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. | |||||
| CVE-2021-27807 | 3 Apache, Fedoraproject, Oracle | 15 Pdfbox, Fedora, Banking Trade Finance Process Management and 12 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | |||||
| CVE-2021-27803 | 3 Debian, Fedoraproject, W1.fi | 3 Debian Linux, Fedora, Wpa Supplicant | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | |||||
| CVE-2021-27645 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Glibc | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | |||||
| CVE-2021-27291 | 3 Debian, Fedoraproject, Pygments | 3 Debian Linux, Fedora, Pygments | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | |||||
| CVE-2021-27219 | 5 Broadcom, Debian, Fedoraproject and 2 more | 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | |||||
| CVE-2021-27218 | 5 Broadcom, Debian, Fedoraproject and 2 more | 7 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | |||||
| CVE-2021-27135 | 3 Debian, Fedoraproject, Invisible-island | 3 Debian Linux, Fedora, Xterm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | |||||
| CVE-2021-27025 | 2 Fedoraproject, Puppet | 4 Fedora, Puppet, Puppet Agent and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | |||||
| CVE-2021-27023 | 2 Fedoraproject, Puppet | 4 Fedora, Puppet Agent, Puppet Enterprise and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||||
| CVE-2021-26937 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Screen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | |||||
| CVE-2021-26934 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry. | |||||
| CVE-2021-26933 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. | |||||