Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3623 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2024-08-03 | 6.1 Medium |
| A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3658 | 2 Bluez, Fedoraproject | 2 Bluez, Fedora | 2024-08-03 | 6.5 Medium |
| bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. | ||||
| CVE-2021-3537 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Active Iq Unified Manager and 18 more | 2024-08-03 | 5.9 Medium |
| A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3608 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-08-03 | 6.0 Medium |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3571 | 3 Fedoraproject, Linuxptp Project, Redhat | 3 Fedora, Linuxptp, Enterprise Linux | 2024-08-03 | 7.1 High |
| A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. | ||||
| CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 16 Fedora, Grub2, Ontap Select Deploy Administration Utility and 13 more | 2024-08-03 | 4.5 Medium |
| A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | ||||
| CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 21 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 18 more | 2024-08-03 | 6.5 Medium |
| There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | ||||
| CVE-2021-3575 | 3 Fedoraproject, Redhat, Uclouvain | 3 Fedora, Enterprise Linux, Openjpeg | 2024-08-03 | 7.8 High |
| A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. | ||||
| CVE-2021-3561 | 3 Debian, Fedoraproject, Fig2dev Project | 3 Debian Linux, Fedora, Fig2dev | 2024-08-03 | 7.1 High |
| An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. | ||||
| CVE-2021-3635 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-08-03 | 4.4 Medium |
| A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands. | ||||
| CVE-2021-3574 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2024-08-03 | 3.3 Low |
| A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | ||||
| CVE-2021-3657 | 4 Debian, Fedoraproject, Isync Project and 1 more | 4 Debian Linux, Fedora, Isync and 1 more | 2024-08-03 | 9.8 Critical |
| A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. | ||||
| CVE-2021-3677 | 3 Fedoraproject, Postgresql, Redhat | 9 Fedora, Postgresql, Enterprise Linux and 6 more | 2024-08-03 | 6.5 Medium |
| A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | ||||
| CVE-2021-3596 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2024-08-03 | 6.5 Medium |
| A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. | ||||
| CVE-2021-3543 | 3 Fedoraproject, Nitro Enclaves Project, Redhat | 3 Fedora, Nitro Enclaves, Enterprise Linux | 2024-08-03 | 6.7 Medium |
| A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. | ||||
| CVE-2021-3746 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2024-08-03 | 6.5 Medium |
| A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. | ||||
| CVE-2021-3672 | 6 C-ares Project, Fedoraproject, Nodejs and 3 more | 19 C-ares, Fedora, Node.js and 16 more | 2024-08-03 | 5.6 Medium |
| A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | ||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2024-08-03 | 5.5 Medium |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||||
| CVE-2021-3593 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-08-03 | 3.8 Low |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | ||||
| CVE-2021-3739 | 3 Fedoraproject, Linux, Netapp | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-08-03 | 7.1 High |
| A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. | ||||