Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-19 CVE-2021-27807 Excessive Iteration vulnerability in multiple products
A carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache fedoraproject oracle CWE-834
5.5
2021-03-19 CVE-2021-21390 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Minio
MinIO is an open-source, high-performance object storage service that is API-compatible with the Amazon S3 cloud storage service.
network
minio CWE-924
4.3
2021-03-19 CVE-2021-21387 Cleartext Transmission of Sensitive Information vulnerability in Wrongthink
Wrongthink is a peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet.
network
low complexity
wrongthink CWE-319
5.0
2021-03-19 CVE-2020-4635 Unspecified vulnerability in IBM Soar 40.0
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
network
low complexity
ibm
5.0
2021-03-19 CVE-2021-27506 The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS when parsing malformed PNG files.
local
low complexity
netasq-project stormshield clamav
5.5
2021-03-19 CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
network
low complexity
kramdown-project fedoraproject debian
critical
9.8
2021-03-19 CVE-2021-28831 Improper Handling of Exceptional Conditions vulnerability in multiple products
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
network
low complexity
busybox fedoraproject debian CWE-755
7.5
2021-03-19 CVE-2021-28090 Reachable Assertion vulnerability in multiple products
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
network
low complexity
torproject fedoraproject CWE-617
5.3
2021-03-19 CVE-2021-28089 Resource Exhaustion vulnerability in multiple products
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
network
low complexity
torproject fedoraproject CWE-400
7.5
2021-03-19 CVE-2020-25097 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4.
network
low complexity
squid-cache debian fedoraproject netapp CWE-444
8.6