Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-20 | CVE-2021-33909 | Classic Buffer Overflow vulnerability in multiple products fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. | 7.2 |
| 2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits OR Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 4.9 |
| 2021-07-09 | CVE-2021-3570 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products A flaw was found in the ptp4l program of the linuxptp package. | 8.0 |
| 2021-07-09 | CVE-2021-3612 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. | 7.2 |
| 2021-06-15 | CVE-2021-31618 | Null Pointer Dereference vulnerability in multiple products Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. | 5.0 |
| 2021-06-09 | CVE-2021-0086 | Information Exposure Through Discrepancy vulnerability in multiple products Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 2.1 |
| 2021-06-09 | CVE-2021-0089 | Information Exposure Through Discrepancy vulnerability in multiple products Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 2.1 |
| 2021-06-09 | CVE-2021-32677 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. | 5.8 |
| 2021-06-09 | CVE-2021-3532 | Information Exposure vulnerability in multiple products A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. | 4.3 |
| 2021-06-09 | CVE-2021-3533 | Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in multiple products A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. | 1.2 |