Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-3672 |
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. Published: November 23, 2021; 2:15:07 PM -0500 |
V3.1: 5.6 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2021-44026 |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. Published: November 18, 2021; 11:15:07 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-44025 |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. Published: November 18, 2021; 11:15:06 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-42386 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function Published: November 15, 2021; 4:15:08 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42385 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Published: November 15, 2021; 4:15:08 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42384 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function Published: November 15, 2021; 4:15:08 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42383 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Published: November 15, 2021; 4:15:08 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42382 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42381 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42380 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42379 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42378 |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42377 |
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2021-42376 |
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2021-42375 |
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |
CVE-2021-42374 |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 5.3 MEDIUM V2.0: 3.3 LOW |
CVE-2021-42373 |
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given Published: November 15, 2021; 4:15:07 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-3928 |
vim is vulnerable to Use of Uninitialized Variable Published: November 05, 2021; 11:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-3927 |
vim is vulnerable to Heap-based Buffer Overflow Published: November 05, 2021; 11:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-27836 |
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Published: November 03, 2021; 1:15:08 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |