CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Fedoraproject : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44026 89 Sql 2021-11-19 2021-11-26
7.5
None Remote Low Not required Partial Partial Partial
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
2 CVE-2021-42013 22 Exec Code Dir. Trav. 2021-10-07 2021-11-11
7.5
None Remote Low Not required Partial Partial Partial
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
3 CVE-2021-41103 22 Dir. Trav. 2021-10-04 2021-11-17
7.2
None Local Low Not required Complete Complete Complete
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.
4 CVE-2021-39275 120 2021-09-16 2021-11-24
7.5
None Remote Low Not required Partial Partial Partial
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
5 CVE-2021-37576 787 Mem. Corr. 2021-07-26 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
6 CVE-2021-35550 863 2021-10-20 2021-11-23
7.1
None Remote Medium Not required Complete None None
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
7 CVE-2021-35042 89 Sql 2021-07-02 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
8 CVE-2021-34552 120 Overflow 2021-07-13 2021-09-20
7.5
None Remote Low Not required Partial Partial Partial
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
9 CVE-2021-33909 120 Overflow 2021-07-20 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
10 CVE-2021-33200 787 2021-05-27 2021-07-06
7.2
None Local Low Not required Complete Complete Complete
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.
11 CVE-2021-32920 400 2021-05-13 2021-05-26
7.8
None Remote Low Not required None None Complete
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.
12 CVE-2021-32688 552 2021-07-12 2021-09-20
7.5
None Remote Low Not required Partial Partial Partial
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading.
13 CVE-2021-32606 416 2021-05-11 2021-09-07
7.2
None Local Low Not required Complete Complete Complete
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
14 CVE-2021-31800 22 Exec Code Dir. Trav. 2021-05-05 2021-05-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
15 CVE-2021-31535 120 Exec Code 2021-05-27 2021-09-23
7.5
None Remote Low Not required Partial Partial Partial
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.
16 CVE-2021-31162 415 2021-04-14 2021-06-02
7.5
None Remote Low Not required Partial Partial Partial
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
17 CVE-2021-30475 120 Overflow 2021-06-04 2021-06-17
7.5
None Remote Low Not required Partial Partial Partial
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
18 CVE-2021-30473 763 2021-05-06 2021-06-17
7.5
None Remote Low Not required Partial Partial Partial
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
19 CVE-2021-29154 77 Exec Code 2021-04-08 2021-06-23
7.2
None Local Low Not required Complete Complete Complete
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
20 CVE-2021-28972 120 Overflow 2021-03-22 2021-04-30
7.2
None Local Low Not required Complete Complete Complete
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
21 CVE-2021-28879 190 Overflow 2021-04-11 2021-04-27
7.5
None Remote Low Not required Partial Partial Partial
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
22 CVE-2021-28660 787 2021-03-17 2021-06-23
7.2
None Local Low Not required Complete Complete Complete
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
23 CVE-2021-28375 269 2021-03-15 2021-04-01
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
24 CVE-2021-27135 DoS Exec Code 2021-02-10 2021-05-21
7.5
None Remote Low Not required Partial Partial Partial
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
25 CVE-2021-26937 88 DoS 2021-02-09 2021-05-26
7.5
None Remote Low Not required Partial Partial Partial
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.
26 CVE-2021-26701 Exec Code 2021-02-25 2021-08-16
7.5
None Remote Low Not required Partial Partial Partial
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.
27 CVE-2021-25283 94 2021-02-27 2021-11-23
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.
28 CVE-2021-25281 287 2021-02-27 2021-11-23
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
29 CVE-2021-22883 400 DoS 2021-03-03 2021-10-20
7.8
None Remote Low Not required None None Complete
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
30 CVE-2021-21996 668 2021-09-08 2021-11-23
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.
31 CVE-2021-21289 78 2021-02-02 2021-07-08
7.6
None Remote High Not required Complete Complete Complete
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7.
32 CVE-2021-20314 787 DoS Exec Code Overflow 2021-08-12 2021-09-30
7.5
None Remote Low Not required Partial Partial Partial
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
33 CVE-2021-20307 134 2021-04-05 2021-07-20
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
34 CVE-2021-20292 416 Exec Code 2021-05-28 2021-06-23
7.2
None Local Low Not required Complete Complete Complete
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
35 CVE-2021-20291 667 DoS 2021-04-01 2021-06-02
7.1
None Remote Medium Not required None None Complete
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
36 CVE-2021-20246 369 2021-03-09 2021-03-25
7.1
None Remote Medium Not required None None Complete
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
37 CVE-2021-20245 369 2021-03-09 2021-06-03
7.1
None Remote Medium Not required None None Complete
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
38 CVE-2021-20244 369 2021-03-09 2021-03-25
7.1
None Remote Medium Not required None None Complete
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
39 CVE-2021-20236 787 Overflow 2021-05-28 2021-06-02
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
40 CVE-2021-20233 787 2021-03-03 2021-05-01
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
41 CVE-2021-20232 416 Mem. Corr. 2021-03-12 2021-05-17
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
42 CVE-2021-20231 416 Mem. Corr. 2021-03-12 2021-06-01
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
43 CVE-2021-20225 787 2021-03-03 2021-05-01
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
44 CVE-2021-20217 617 DoS 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability.
45 CVE-2021-20216 400 DoS 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
46 CVE-2021-20215 401 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
47 CVE-2021-20214 401 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
48 CVE-2021-20212 401 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
49 CVE-2021-20211 401 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
50 CVE-2021-20210 401 2021-03-25 2021-07-08
7.8
None Remote Low Not required None None Complete
A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
Total number of vulnerabilities : 333   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.