Vulnerabilities > Fedoraproject > Fedora > 33

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-11-19	CVE-2021-44025	Cross-site Scripting vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. network low complexity roundcube fedoraproject debian CWE-79	6.1
2021-11-19	CVE-2021-44026	SQL Injection vulnerability in multiple products Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. network low complexity roundcube fedoraproject debian CWE-89 critical	9.8
2021-11-15	CVE-2021-42373	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given local low complexity busybox fedoraproject netapp CWE-476	5.5
2021-11-15	CVE-2021-42374	Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. local high complexity busybox fedoraproject netapp CWE-125	5.3
2021-11-15	CVE-2021-42375	An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. local low complexity busybox fedoraproject netapp	5.5
2021-11-15	CVE-2021-42376	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. local low complexity busybox fedoraproject netapp CWE-476	5.5
2021-11-15	CVE-2021-42377	Release of Invalid Pointer or Reference vulnerability in multiple products An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. network low complexity busybox fedoraproject netapp CWE-763 critical	9.8
2021-11-15	CVE-2021-42378	Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function network low complexity busybox fedoraproject CWE-416	7.2
2021-11-15	CVE-2021-42379	Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function network low complexity busybox fedoraproject CWE-416	7.2