Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34341 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-08-04 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-34335 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-08-04 | 4.7 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5. | ||||
| CVE-2021-34338 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-08-04 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-34342 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-08-04 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak. | ||||
| CVE-2021-34340 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-08-04 | 6.5 Medium |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | ||||
| CVE-2021-33909 | 7 Debian, Fedoraproject, Linux and 4 more | 16 Debian Linux, Fedora, Linux Kernel and 13 more | 2024-08-04 | 7.8 High |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | ||||
| CVE-2021-33910 | 5 Debian, Fedoraproject, Netapp and 2 more | 8 Debian Linux, Fedora, Hci Management Node and 5 more | 2024-08-04 | 5.5 Medium |
| basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | ||||
| CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-08-04 | 5.3 Medium |
| Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | ||||
| CVE-2021-33813 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Solr, Tika, Debian Linux and 7 more | 2024-08-03 | 7.5 High |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2024-08-03 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | ||||
| CVE-2021-33640 | 2 Fedoraproject, Huawei | 2 Fedora, Openeuler | 2024-08-03 | 6.2 Medium |
| After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). | ||||
| CVE-2021-33644 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 8.1 High |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. | ||||
| CVE-2021-33646 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 7.5 High |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | ||||
| CVE-2021-33621 | 3 Fedoraproject, Redhat, Ruby-lang | 6 Fedora, Enterprise Linux, Rhel Eus and 3 more | 2024-08-03 | 8.8 High |
| The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. | ||||
| CVE-2021-33645 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 7.5 High |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | ||||
| CVE-2021-33643 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 9.1 Critical |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | ||||
| CVE-2021-33620 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | ||||
| CVE-2021-33571 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Openstack and 2 more | 2024-08-03 | 7.5 High |
| In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) . | ||||
| CVE-2021-33574 | 5 Debian, Fedoraproject, Gnu and 2 more | 21 Debian Linux, Fedora, Glibc and 18 more | 2024-08-03 | 9.8 Critical |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | ||||
| CVE-2021-33582 | 4 Cyrus, Debian, Fedoraproject and 1 more | 5 Imap, Debian Linux, Fedora and 2 more | 2024-08-03 | 7.5 High |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | ||||