Filtered by vendor Fedoraproject
Subscribe
Total
5187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34341 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34340 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34339 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34338 | 2 Fedoraproject, Libming | 2 Fedora, Ming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | |||||
| CVE-2021-34335 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5. | |||||
| CVE-2021-34334 | 3 Debian, Exiv2, Fedoraproject | 3 Debian Linux, Exiv2, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5. | |||||
| CVE-2021-33910 | 4 Debian, Fedoraproject, Netapp and 1 more | 5 Debian Linux, Fedora, Hci Management Node and 2 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | |||||
| CVE-2021-33909 | 6 Debian, Fedoraproject, Linux and 3 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | |||||
| CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | |||||
| CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | |||||
| CVE-2021-33813 | 5 Apache, Debian, Fedoraproject and 2 more | 6 Solr, Tika, Debian Linux and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | |||||
| CVE-2021-33646 | 3 Fedoraproject, Feep, Huawei | 3 Fedora, Libtar, Openeuler | 2024-11-21 | N/A | 7.5 HIGH |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | |||||
| CVE-2021-33645 | 3 Fedoraproject, Feep, Huawei | 3 Fedora, Libtar, Openeuler | 2024-11-21 | N/A | 7.5 HIGH |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | |||||
| CVE-2021-33644 | 3 Fedoraproject, Feep, Huawei | 3 Fedora, Libtar, Openeuler | 2024-11-21 | N/A | 8.1 HIGH |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. | |||||
| CVE-2021-33643 | 3 Fedoraproject, Feep, Huawei | 3 Fedora, Libtar, Openeuler | 2024-11-21 | N/A | 9.1 CRITICAL |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | |||||
| CVE-2021-33640 | 2 Fedoraproject, Huawei | 2 Fedora, Openeuler | 2024-11-21 | N/A | 6.2 MEDIUM |
| After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). | |||||
| CVE-2021-33621 | 2 Fedoraproject, Ruby-lang | 3 Fedora, Cgi, Ruby | 2024-11-21 | N/A | 8.8 HIGH |
| The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. | |||||
| CVE-2021-33620 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | |||||
| CVE-2021-33582 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | |||||
| CVE-2021-33574 | 4 Debian, Fedoraproject, Gnu and 1 more | 20 Debian Linux, Fedora, Glibc and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | |||||