Filtered by vendor Fedoraproject
Subscriptions
Filtered by product Fedora
Subscriptions
Total
5341 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | ||||
| CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | ||||
| CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | ||||
| CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | ||||
| CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | ||||
| CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | ||||
| CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | ||||
| CVE-2021-42378 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 7.2 High |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | ||||
| CVE-2021-42374 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2025-11-03 | 5.3 Medium |
| An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | ||||
| CVE-2021-41160 | 3 Fedoraproject, Freerdp, Redhat | 4 Fedora, Freerdp, Enterprise Linux and 1 more | 2025-11-03 | 5.3 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. | ||||
| CVE-2021-3872 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-11-03 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3621 | 2 Fedoraproject, Redhat | 10 Fedora, Sssd, Enterprise Linux and 7 more | 2025-11-03 | 8.8 High |
| A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-33646 | 4 Fedoraproject, Feep, Openatom and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2025-11-03 | 7.5 High |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | ||||
| CVE-2021-33645 | 4 Fedoraproject, Feep, Openatom and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2025-11-03 | 7.5 High |
| The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | ||||
| CVE-2021-33644 | 4 Fedoraproject, Feep, Openatom and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2025-11-03 | 8.1 High |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. | ||||
| CVE-2021-33643 | 4 Fedoraproject, Feep, Openatom and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2025-11-03 | 9.1 Critical |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | ||||
| CVE-2021-28831 | 3 Busybox, Debian, Fedoraproject | 3 Busybox, Debian Linux, Fedora | 2025-11-03 | 7.5 High |
| decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | ||||
| CVE-2023-42822 | 2 Fedoraproject, Neutrinolabs | 2 Fedora, Xrdp | 2025-11-03 | 4.6 Medium |
| xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-1544 | 2 Fedoraproject, Qemu | 3 Fedora, Qemu, Rdma | 2025-11-03 | 6 Medium |
| A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | ||||
| CVE-2022-46392 | 2 Arm, Fedoraproject | 2 Mbed Tls, Fedora | 2025-11-03 | 5.3 Medium |
| An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. | ||||