Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 5302 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34551 3 Fedoraproject, Microsoft, Phpmailer Project 3 Fedora, Windows, Phpmailer 2024-11-21 5.1 MEDIUM 8.1 HIGH
PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
CVE-2021-34434 2 Eclipse, Fedoraproject 2 Mosquitto, Fedora 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
CVE-2021-34363 2 Fedoraproject, The Fuck Project 2 Fedora, The Fuck 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
CVE-2021-34342 2 Fedoraproject, Libming 2 Fedora, Ming 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.
CVE-2021-34341 2 Fedoraproject, Libming 2 Fedora, Ming 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34340 2 Fedoraproject, Libming 2 Fedora, Ming 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34339 2 Fedoraproject, Libming 2 Fedora, Ming 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34338 2 Fedoraproject, Libming 2 Fedora, Ming 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
CVE-2021-34335 2 Exiv2, Fedoraproject 2 Exiv2, Fedora 2024-11-21 4.3 MEDIUM 4.7 MEDIUM
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.
CVE-2021-34334 3 Debian, Exiv2, Fedoraproject 3 Debian Linux, Exiv2, Fedora 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.
CVE-2021-33909 6 Debian, Fedoraproject, Linux and 3 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-11-21 7.2 HIGH 7.8 HIGH
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
CVE-2021-33896 2 Dino, Fedoraproject 2 Dino, Fedora 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
CVE-2021-33829 4 Ckeditor, Debian, Drupal and 1 more 4 Ckeditor, Debian Linux, Drupal and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
CVE-2021-33813 5 Apache, Debian, Fedoraproject and 2 more 6 Solr, Tika, Debian Linux and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
CVE-2021-33621 2 Fedoraproject, Ruby-lang 3 Fedora, Cgi, Ruby 2024-11-21 N/A 8.8 HIGH
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
CVE-2021-33620 3 Debian, Fedoraproject, Squid-cache 3 Debian Linux, Fedora, Squid 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
CVE-2021-33582 3 Cyrus, Debian, Fedoraproject 3 Imap, Debian Linux, Fedora 2024-11-21 5.0 MEDIUM 7.5 HIGH
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
CVE-2021-33574 4 Debian, Fedoraproject, Gnu and 1 more 20 Debian Linux, Fedora, Glibc and 17 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVE-2021-33571 2 Djangoproject, Fedoraproject 2 Django, Fedora 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .
CVE-2021-33560 4 Debian, Fedoraproject, Gnupg and 1 more 8 Debian Linux, Fedora, Libgcrypt and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.