Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3995 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
| CVE-2021-3984 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3981 | 2 Fedoraproject, Gnu | 2 Fedora, Grub2 | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. | |||||
| CVE-2021-3979 | 2 Fedoraproject, Redhat | 8 Fedora, Ceph Storage, Ceph Storage For Ibm Z Systems and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | |||||
| CVE-2021-3975 | 5 Canonical, Debian, Fedoraproject and 2 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | |||||
| CVE-2021-3974 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-3973 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3968 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 8.5 HIGH | 8.0 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3941 | 4 Debian, Fedoraproject, Openexr and 1 more | 4 Debian Linux, Fedora, Openexr and 1 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. | |||||
| CVE-2021-3935 | 4 Debian, Fedoraproject, Pgbouncer and 1 more | 4 Debian Linux, Fedora, Pgbouncer and 1 more | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH |
| When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | |||||
| CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | |||||
| CVE-2021-3929 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-11-21 | N/A | 8.2 HIGH |
| A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. | |||||
| CVE-2021-3928 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use of Uninitialized Variable | |||||
| CVE-2021-3927 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3923 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 2.3 LOW |
| A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms. | |||||
| CVE-2021-3905 | 4 Canonical, Fedoraproject, Openvswitch and 1 more | 4 Ubuntu Linux, Fedora, Openvswitch and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. | |||||
| CVE-2021-3903 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3875 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3872 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-3847 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | |||||