Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-20282 Incorrect Authorization vulnerability in multiple products
When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-863
5.3
5.3
2021-03-15 CVE-2021-20281 Incorrect Authorization vulnerability in multiple products
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-863
5.3
5.3
2021-03-15 CVE-2021-20280 Cross-site Scripting vulnerability in multiple products
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-79
5.4
5.4
2021-03-15 CVE-2021-20279 Cross-site Scripting vulnerability in multiple products
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-79
5.4
5.4
2021-03-15 CVE-2021-28363 Improper Certificate Validation vulnerability in multiple products
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies.
network
low complexity
python fedoraproject oracle CWE-295
6.5
6.5
2021-03-15 CVE-2021-20179 Incorrect Authorization vulnerability in multiple products
A flaw was found in pki-core.
network
low complexity
dogtagpki redhat fedoraproject CWE-863
8.1
8.1
2021-03-15 CVE-2021-28375 Missing Authorization vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.6.
local
low complexity
linux fedoraproject netapp CWE-862
7.8
7.8
2021-03-12 CVE-2021-20232 Use After Free vulnerability in multiple products
A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject CWE-416
critical
 9.8
9.8
2021-03-12 CVE-2021-20231 Use After Free vulnerability in multiple products
A flaw was found in gnutls.
network
low complexity
gnu redhat fedoraproject netapp CWE-416
critical
 9.8
9.8
2021-03-11 CVE-2021-21381 Injection vulnerability in multiple products
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject CWE-74
8.2
8.2