Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-33909 Classic Buffer Overflow vulnerability in multiple products
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.
local
low complexity
linux fedoraproject debian CWE-120
7.2
2021-07-20 CVE-2021-33910 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.
local
low complexity
freedesktop fedoraproject debian CWE-770
4.9
2021-07-09 CVE-2021-3570 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
A flaw was found in the ptp4l program of the linuxptp package.
network
low complexity
linuxptp-project redhat fedoraproject CWE-119
8.0
2021-07-09 CVE-2021-3612 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP.
local
low complexity
linux redhat fedoraproject CWE-119
7.2
2021-06-15 CVE-2021-31618 Null Pointer Dereference vulnerability in multiple products
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well.
network
low complexity
apache fedoraproject CWE-476
5.0
2021-06-09 CVE-2021-0086 Information Exposure Through Discrepancy vulnerability in multiple products
Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
local
low complexity
intel fedoraproject CWE-203
2.1
2021-06-09 CVE-2021-0089 Information Exposure Through Discrepancy vulnerability in multiple products
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
local
low complexity
debian fedoraproject intel CWE-203
2.1
2021-06-09 CVE-2021-32677 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints.
5.8
2021-06-09 CVE-2021-3532 Information Exposure vulnerability in multiple products
A flaw was found in Ansible where the secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory.
4.3
2021-06-09 CVE-2021-3533 Time-Of-Check Time-Of-Use (TOCTOU) Race Condition vulnerability in multiple products
A flaw was found in Ansible if an Ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory.
local
high complexity
redhat fedoraproject CWE-367
1.2