Fedoraproject Fedora 34: Security Vulnerabilities
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2021-12-30
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2021-12-30
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2021-12-30
vim is vulnerable to Use After Free
CVSS Score: 6.8 | EPSS Score: 0.003 | Published: 2021-12-29
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
CVSS Score: 6.6 | EPSS Score: 0.504 | Published: 2021-12-28
vim is vulnerable to Use After Free
CVSS Score: 6.8 | EPSS Score: 0.002 | Published: 2021-12-27
vim is vulnerable to Out-of-bounds Read
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2021-12-25
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2021-12-23
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
CVSS Score: 4.3 | EPSS Score: 0.006 | Published: 2021-12-23
A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host's services by forwarding all ports to the VM.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-12-23

