Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-26813 markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability.
network
low complexity
markdown2-project fedoraproject
7.5
7.5
2021-03-03 CVE-2021-27923 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
7.5
2021-03-03 CVE-2021-27922 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
7.5
2021-03-03 CVE-2021-27921 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
7.5
2021-02-27 CVE-2021-3197 Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-74
critical
 9.8
9.8
2021-02-27 CVE-2021-3148 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-77
critical
 9.8
9.8
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject debian CWE-613
critical
 9.1
9.1
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
4.4
2021-02-27 CVE-2021-25283 Code Injection vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-94
critical
 9.8
9.8
2021-02-27 CVE-2021-25282 Path Traversal vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-22
critical
 9.1
9.1