Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-42715 | 3 Debian, Fedoraproject, Nothings | 3 Debian Linux, Fedora, Stb Image.h | 2024-08-04 | 5.5 Medium |
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. | ||||
CVE-2021-42716 | 2 Fedoraproject, Nothings | 2 Fedora, Stb Image.h | 2024-08-04 | 7.1 High |
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. | ||||
CVE-2021-42612 | 2 Fedoraproject, Halibut Project | 2 Fedora, Halibut | 2024-08-04 | 7.8 High |
A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. | ||||
CVE-2021-42613 | 2 Fedoraproject, Halibut Project | 2 Fedora, Halibut | 2024-08-04 | 7.8 High |
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | ||||
CVE-2021-42378 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | ||||
CVE-2021-42376 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 5.5 Medium |
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | ||||
CVE-2021-42374 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 5.3 Medium |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | ||||
CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | ||||
CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | ||||
CVE-2021-42383 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | ||||
CVE-2021-42377 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 9.8 Critical |
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | ||||
CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | ||||
CVE-2021-42375 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 5.5 Medium |
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | ||||
CVE-2021-42327 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-08-04 | 6.7 Medium |
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. | ||||
CVE-2021-42373 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-08-04 | 5.5 Medium |
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | ||||
CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | ||||
CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2024-08-04 | 7.2 High |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | ||||
CVE-2021-42072 | 2 Barrier Project, Fedoraproject | 2 Barrier, Fedora | 2024-08-04 | 8.8 High |
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption. |