Vulnerabilities > Fedoraproject > Fedora > 34
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2021-27919 | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | 5.5 |
| 2021-03-10 | CVE-2021-21334 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. | 6.3 |
| 2021-03-10 | CVE-2021-21772 | Use After Free vulnerability in multiple products A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. | 8.1 |
| 2021-03-10 | CVE-2021-20205 | Divide By Zero vulnerability in multiple products Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | 6.5 |
| 2021-03-09 | CVE-2021-28116 | Out-of-bounds Read vulnerability in multiple products Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. | 5.3 |
| 2021-03-09 | CVE-2021-21300 | Link Following vulnerability in multiple products Git is an open-source distributed revision control system. | 7.5 |
| 2021-03-09 | CVE-2021-21190 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 8.8 |
| 2021-03-09 | CVE-2021-21189 | Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
| 2021-03-09 | CVE-2021-21188 | Use After Free vulnerability in multiple products Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-03-09 | CVE-2021-21187 | Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 |