Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-03-20 CVE-2021-28951 Improper Locking vulnerability in multiple products
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8.
local
low complexity
linux fedoraproject netapp CWE-667
5.5
5.5
2021-03-20 CVE-2021-28950 Excessive Iteration vulnerability in multiple products
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8.
local
low complexity
linux fedoraproject debian CWE-834
5.5
5.5
2021-03-19 CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache fedoraproject oracle
5.5
5.5
2021-03-19 CVE-2021-27807 Excessive Iteration vulnerability in multiple products
A carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache fedoraproject oracle CWE-834
5.5
5.5
2021-03-19 CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
network
low complexity
kramdown-project fedoraproject debian
critical
 9.8
9.8
2021-03-19 CVE-2021-28831 Improper Handling of Exceptional Conditions vulnerability in multiple products
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
network
low complexity
busybox fedoraproject debian CWE-755
7.5
7.5
2021-03-19 CVE-2020-25097 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4.
network
low complexity
squid-cache debian fedoraproject netapp CWE-444
8.6
8.6
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
5.5
5.5
2021-03-16 CVE-2021-28543 Reachable Assertion vulnerability in multiple products
Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon restart) in some configurations.
network
low complexity
varnish-cache fedoraproject CWE-617
7.5
7.5
2021-03-15 CVE-2021-20283 Missing Authorization vulnerability in multiple products
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3