Filtered by vendor Fedoraproject
Subscriptions
Total
5193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20254 | 4 Debian, Fedoraproject, Redhat and 1 more | 9 Debian Linux, Fedora, Enterprise Linux and 6 more | 2024-08-03 | 6.8 Medium |
| A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-20288 | 4 Debian, Fedoraproject, Linuxfoundation and 1 more | 4 Debian Linux, Fedora, Ceph and 1 more | 2024-08-03 | 7.2 High |
| An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20240 | 2 Fedoraproject, Gnome | 2 Fedora, Gdk-pixbuf | 2024-08-03 | 8.8 High |
| A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20232 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Gnutls, Enterprise Linux | 2024-08-03 | 9.8 Critical |
| A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. | ||||
| CVE-2021-20239 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-08-03 | 3.3 Low |
| A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-20233 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-03 | 8.2 High |
| A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20179 | 3 Dogtagpki, Fedoraproject, Redhat | 5 Dogtagpki, Fedora, Certificate System and 2 more | 2024-08-03 | 8.1 High |
| A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-20205 | 2 Fedoraproject, Libjpeg-turbo | 2 Fedora, Libjpeg-turbo | 2024-08-03 | 6.5 Medium |
| Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | ||||
| CVE-2021-20225 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-03 | 6.7 Medium |
| A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20203 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-08-03 | 3.2 Low |
| An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | ||||
| CVE-2021-20231 | 4 Fedoraproject, Gnu, Netapp and 1 more | 5 Fedora, Gnutls, Active Iq Unified Manager and 2 more | 2024-08-03 | 9.8 Critical |
| A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. | ||||
| CVE-2021-20208 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Enterprise Linux, Cifs-utils | 2024-08-03 | 6.1 Medium |
| A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-20178 | 2 Fedoraproject, Redhat | 7 Fedora, Ansible, Ansible Automation Platform and 4 more | 2024-08-03 | 5.5 Medium |
| A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-20229 | 3 Fedoraproject, Postgresql, Redhat | 4 Fedora, Postgresql, Enterprise Linux and 1 more | 2024-08-03 | 4.3 Medium |
| A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-4217 | 3 Fedoraproject, Redhat, Unzip Project | 3 Fedora, Enterprise Linux, Unzip | 2024-08-03 | 3.3 Low |
| A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||||
| CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-03 | 5.5 Medium |
| There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned | ||||
| CVE-2021-4019 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-03 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-4064 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-08-03 | 8.8 High |
| Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-4185 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Http Server and 2 more | 2024-08-03 | 7.5 High |
| Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2021-4157 | 5 Fedoraproject, Linux, Netapp and 2 more | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-08-03 | 8.0 High |
| An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. | ||||