Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

CVE-2021-42377 CRITICAL CVSS 9.8 v33 v34 2021-11-15
CVE-2021-42377 [CRITICAL] CWE-590: An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
nvd
CVE-2021-42380 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42380 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
nvd
CVE-2021-42381 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42381 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
nvd
CVE-2021-42379 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42379 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
nvd
CVE-2021-42386 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42386 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
nvd
CVE-2021-42378 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42378 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
nvd
CVE-2021-42384 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42384 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
nvd
CVE-2021-42382 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42382 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
nvd
CVE-2021-42383 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42383 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
nvd
CVE-2021-42385 HIGH CVSS 7.2 v33 v34 2021-11-15
CVE-2021-42385 [HIGH] CWE-416: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
nvd
CVE-2021-42373 MEDIUM CVSS 5.5 v33 v34 2021-11-15
CVE-2021-42373 [MEDIUM] CWE-476: A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
nvd
CVE-2021-42375 MEDIUM CVSS 5.5 v33 v34 2021-11-15
CVE-2021-42375 [MEDIUM] CWE-159: An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
nvd
CVE-2021-42374 MEDIUM CVSS 5.3 v33 v34 2021-11-15
CVE-2021-42374 [MEDIUM] CWE-125: An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
nvd
CVE-2021-42376 MEDIUM CVSS 5.5 v33 v34 2021-11-15
CVE-2021-42376 [MEDIUM] CWE-476: A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
nvd
CVE-2021-43616 CRITICAL CVSS 9.8 v35 2021-11-13
CVE-2021-43616 [CRITICAL] CWE-345: The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in p
nvd
CVE-2020-23903 MEDIUM CVSS 5.5 v34 v35 2021-11-10
CVE-2020-23903 [MEDIUM] CWE-369: A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
nvd
CVE-2021-43519 MEDIUM CVSS 5.5 v35 2021-11-09
CVE-2021-43519 [MEDIUM] CWE-674: Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
nvd
CVE-2021-41771 HIGH CVSS 7.5 v34 v35 2021-11-08
CVE-2021-41771 [HIGH] CWE-119: ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
nvd
CVE-2021-41772 HIGH CVSS 7.5 v34 v35 2021-11-08
CVE-2021-41772 [HIGH] CWE-20: Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
nvd
CVE-2021-42072 HIGH CVSS 8.8 v34 v35 2021-11-08
CVE-2021-42072 [HIGH] CWE-287: An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corru
nvd