Factory@- Security Vulnerabilities and Issues — Factory@- CVE List

Lucene search

OpensuseFactory-

6 matches found

CVE•added 2022/01/01 6:15 a.m.•429 views

CVE-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

7.5CVSS7.5AI score0.00673EPSS

CVE•added 2022/01/01 5:15 a.m.•382 views

CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

7.5CVSS7.4AI score0.00422EPSS

CVE•added 2021/12/25 7:15 p.m.•219 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read

7.1CVSS8.1AI score0.00224EPSS

CVE•added 2022/02/19 12:15 a.m.•180 views

CVE-2021-45082

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)

7.8CVSS7.5AI score0.00038EPSS

CVE•added 2022/01/06 4:15 a.m.•120 views

CVE-2021-46141

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner.

5.5CVSS5.2AI score0.00086EPSS

CVE•added 2022/01/06 4:15 a.m.•120 views

CVE-2021-46142

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

5.5CVSS5.2AI score0.00086EPSS