Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5187 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3445 3 Fedoraproject, Redhat, Rpm 3 Fedora, Enterprise Linux, Libdnf 2024-11-21 5.1 MEDIUM 7.5 HIGH
A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3443 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
CVE-2021-3426 6 Debian, Fedoraproject, Netapp and 3 more 10 Debian Linux, Fedora, Cloud Backup and 7 more 2024-11-21 2.7 LOW 5.7 MEDIUM
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
CVE-2021-3421 3 Fedoraproject, Redhat, Rpm 3 Fedora, Enterprise Linux, Rpm 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
CVE-2021-3420 2 Fedoraproject, Newlib Project 2 Fedora, Newlib 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
CVE-2021-3416 4 Debian, Fedoraproject, Qemu and 1 more 4 Debian Linux, Fedora, Qemu and 1 more 2024-11-21 2.1 LOW 6.0 MEDIUM
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
CVE-2021-3410 3 Debian, Fedoraproject, Libcaca Project 3 Debian Linux, Fedora, Libcaca 2024-11-21 4.6 MEDIUM 7.8 HIGH
A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.
CVE-2021-3409 4 Debian, Fedoraproject, Qemu and 1 more 4 Debian Linux, Fedora, Qemu and 1 more 2024-11-21 4.6 MEDIUM 5.7 MEDIUM
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
CVE-2021-3407 3 Artifex, Debian, Fedoraproject 3 Mupdf, Debian Linux, Fedora 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
CVE-2021-3406 2 Fedoraproject, Keylime 2 Fedora, Keylime 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVE-2021-3405 3 Debian, Fedoraproject, Matroska 3 Debian Linux, Fedora, Libebml 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.
CVE-2021-3404 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
CVE-2021-3403 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVE-2021-3402 2 Fedoraproject, Virustotal 2 Fedora, Yara 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4
CVE-2021-3392 3 Debian, Fedoraproject, Qemu 3 Debian Linux, Fedora, Qemu 2024-11-21 2.1 LOW 3.2 LOW
A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing SCSI I/O requests in the case of an error mptsas_free_request() that does not dequeue the request object 'req' from a pending requests queue. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. Versions between 2.10.0 and 5.2.0 are potentially affected.
CVE-2021-3347 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 7.2 HIGH 7.8 HIGH
An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
CVE-2021-3325 2 Fedoraproject, Fibranet 2 Fedora, Monitorix 2024-11-21 7.5 HIGH 9.8 CRITICAL
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
CVE-2021-3308 2 Fedoraproject, Xen 2 Fedora, Xen 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
CVE-2021-3281 3 Djangoproject, Fedoraproject, Netapp 3 Django, Fedora, Snapcenter 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
CVE-2021-3272 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.