Filtered by vendor Fedoraproject
Subscriptions
Total
5193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3272 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. | ||||
| CVE-2021-3197 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-08-03 | 9.8 Critical |
| An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. | ||||
| CVE-2021-3181 | 4 Debian, Fedoraproject, Mutt and 1 more | 4 Debian Linux, Fedora, Mutt and 1 more | 2024-08-03 | 6.5 Medium |
| rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. | ||||
| CVE-2021-3144 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-08-03 | 9.1 Critical |
| In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | ||||
| CVE-2021-3177 | 6 Debian, Fedoraproject, Netapp and 3 more | 12 Debian Linux, Fedora, Active Iq Unified Manager and 9 more | 2024-08-03 | 9.8 Critical |
| Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | ||||
| CVE-2021-3148 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-08-03 | 9.8 Critical |
| An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. | ||||
| CVE-2021-3114 | 5 Debian, Fedoraproject, Golang and 2 more | 13 Debian Linux, Fedora, Go and 10 more | 2024-08-03 | 6.5 Medium |
| In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | ||||
| CVE-2021-3115 | 5 Fedoraproject, Golang, Microsoft and 2 more | 7 Fedora, Go, Windows and 4 more | 2024-08-03 | 7.5 High |
| Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | ||||
| CVE-2021-1870 | 4 Apple, Fedoraproject, Redhat and 1 more | 7 Ipad Os, Iphone Os, Mac Os X and 4 more | 2024-08-03 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1789 | 4 Apple, Fedoraproject, Redhat and 1 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2024-08-03 | 8.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1844 | 4 Apple, Debian, Fedoraproject and 1 more | 9 Ipados, Iphone Os, Macos and 6 more | 2024-08-03 | 8.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1871 | 4 Apple, Debian, Fedoraproject and 1 more | 7 Ipad Os, Iphone Os, Mac Os X and 4 more | 2024-08-03 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. | ||||
| CVE-2021-1765 | 4 Apple, Fedoraproject, Redhat and 1 more | 5 Mac Os X, Macos, Fedora and 2 more | 2024-08-03 | 6.5 Medium |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | ||||
| CVE-2021-1788 | 4 Apple, Debian, Fedoraproject and 1 more | 10 Ipados, Iphone Os, Mac Os X and 7 more | 2024-08-03 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1799 | 4 Apple, Fedoraproject, Redhat and 1 more | 9 Ipad Os, Iphone Os, Macos and 6 more | 2024-08-03 | 6.5 Medium |
| A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. | ||||
| CVE-2021-1801 | 4 Apple, Fedoraproject, Redhat and 1 more | 8 Ipad Os, Iphone Os, Macos and 5 more | 2024-08-03 | 6.5 Medium |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. | ||||
| CVE-2021-0561 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-03 | 5.5 Medium |
| In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683 | ||||
| CVE-2021-0326 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Android and 1 more | 2024-08-03 | 7.5 High |
| In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 | ||||
| CVE-2021-0089 | 3 Debian, Fedoraproject, Intel | 12 Debian Linux, Fedora, Celeron Processors and 9 more | 2024-08-03 | 6.5 Medium |
| Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0002 | 2 Fedoraproject, Intel | 3 Fedora, Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-08-03 | 7.1 High |
| Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | ||||