Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-39148 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
CVE-2021-39145 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
CVE-2021-39146 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
CVE-2021-39164 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-08-04 | 3.1 Low |
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter. | ||||
CVE-2021-39140 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 6.5 Medium |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
CVE-2021-39147 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
CVE-2021-38714 | 3 Debian, Fedoraproject, Plib Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-08-04 | 8.8 High |
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. | ||||
CVE-2021-38604 | 3 Fedoraproject, Gnu, Oracle | 8 Fedora, Glibc, Communications Cloud Native Core Binding Support Function and 5 more | 2024-08-04 | 7.5 High |
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. | ||||
CVE-2021-38562 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2024-08-04 | 7.5 High |
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | ||||
CVE-2021-38593 | 3 Fedoraproject, Qt, Redhat | 3 Fedora, Qt, Enterprise Linux | 2024-08-04 | 7.5 High |
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). | ||||
CVE-2021-38512 | 2 Actix, Fedoraproject | 2 Actix-http, Fedora | 2024-08-04 | 7.5 High |
An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggling (aka HRS) can occur, potentially leading to credential disclosure. | ||||
CVE-2021-38297 | 3 Fedoraproject, Golang, Redhat | 4 Fedora, Go, Enterprise Linux and 1 more | 2024-08-04 | 9.8 Critical |
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | ||||
CVE-2021-38165 | 4 Debian, Fedoraproject, Lynx Project and 1 more | 4 Debian Linux, Fedora, Lynx and 1 more | 2024-08-04 | 5.3 Medium |
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. | ||||
CVE-2021-38166 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-08-04 | 7.8 High |
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. | ||||
CVE-2021-38173 | 3 Debian, Digint, Fedoraproject | 3 Debian Linux, Btrbk, Fedora | 2024-08-04 | 9.8 Critical |
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | ||||
CVE-2021-38007 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 8.8 High |
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2021-37970 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 8.8 High |
Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2021-37975 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 8.8 High |
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2021-38018 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-04 | 6.5 Medium |
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | ||||
CVE-2021-37964 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-08-04 | 3.3 Low |
Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file. |