Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 102 of 264
CVE-2021-35567 | MEDIUM | CVSS 6.8 | v33, v34, +1 more | 2021-10-20
CVE-2021-35567 [MEDIUM]: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, O
nvd
CVE-2021-35608 | MEDIUM | CVSS 5.3 | v33, v34, +1 more | 2021-10-20
CVE-2021-35608 [MEDIUM]: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in una
nvd
CVE-2021-35602 | MEDIUM | CVSS 5.0 | v33, v34, +1 more | 2021-10-20
CVE-2021-35602 [MEDIUM]: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abilit
nvd
CVE-2021-42739 | MEDIUM | CVSS 6.7 | v33, v34, +1 more | 2021-10-20
CVE-2021-42739 [MEDIUM] CWE-787: The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
nvd
CVE-2021-35559 | MEDIUM | CVSS 5.3 | v33, v34, +1 more | 2021-10-20
CVE-2021-35559 [MEDIUM] CWE-400: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to
nvd
CVE-2021-35546 | MEDIUM | CVSS 4.9 | v33, v34, +1 more | 2021-10-20
CVE-2021-35546 [MEDIUM]: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
nvd
CVE-2021-35596 | MEDIUM | CVSS 4.9 | v33, v34, +1 more | 2021-10-20
CVE-2021-35596 [MEDIUM]: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized a
nvd
CVE-2021-35588 | LOW | CVSS 3.1 | v33, v34, +1 more | 2021-10-20
CVE-2021-35588 [LOW]: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE,
nvd
CVE-2021-35603 | LOW | CVSS 3.7 | v33, v34, +1 more | 2021-10-20
CVE-2021-35603 [LOW]: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Orac
nvd
CVE-2021-30846 | HIGH | CVSS 7.8 | v33, v34 | 2021-10-19
CVE-2021-30846 [HIGH] CWE-787: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2021-3746 | MEDIUM | CVSS 6.5 | v34 | 2021-10-19
CVE-2021-3746 [MEDIUM] CWE-119: A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms
nvd
CVE-2021-38297 | CRITICAL | CVSS 9.8 | v34, v35 | 2021-10-18
CVE-2021-38297 [CRITICAL] CWE-120: Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
nvd
CVE-2021-41991 | HIGH | CVSS 7.5 | v33, v34, +1 more | 2021-10-18
CVE-2021-41991 [HIGH] CWE-190: The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote c
nvd
CVE-2021-41990 | HIGH | CVSS 7.5 | v33, v34, +1 more | 2021-10-18
CVE-2021-41990 [HIGH] CWE-190: The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
nvd
CVE-2021-41611 | HIGH | CVSS 7.5 | v35 | 2021-10-18
CVE-2021-41611 [HIGH] CWE-295: An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijack
nvd
CVE-2021-38562 | HIGH | CVSS 7.5 | v35 | 2021-10-18
CVE-2021-38562 [HIGH] CWE-203: Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
nvd
CVE-2021-28021 | HIGH | CVSS 7.8 | v34, v35 | 2021-10-15
CVE-2021-28021 [HIGH] CWE-787: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
nvd
CVE-2021-41799 | HIGH | CVSS 7.5 | v33, v34, +1 more | 2021-10-11
CVE-2021-41799 [HIGH] CWE-770: MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
nvd
CVE-2021-41798 | MEDIUM | CVSS 6.1 | v33, v34, +1 more | 2021-10-11
CVE-2021-41798 [MEDIUM] CWE-79: MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page.
nvd
CVE-2021-41800 | MEDIUM | CVSS 5.3 | v33, v34, +1 more | 2021-10-11
CVE-2021-41800 [MEDIUM] CWE-770: MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
nvd