Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-03-05 CVE-2021-28041 Double Free vulnerability in multiple products
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
network
high complexity
openbsd fedoraproject netapp oracle CWE-415
7.1
7.1
2021-03-04 CVE-2020-35628 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal fedoraproject debian CWE-129
critical
 9.8
9.8
2021-03-04 CVE-2020-28636 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal fedoraproject debian CWE-129
critical
 9.8
9.8
2021-03-04 CVE-2020-28601 Improper Validation of Array Index vulnerability in multiple products
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1.
network
low complexity
cgal fedoraproject debian CWE-129
critical
 9.8
9.8
2021-03-03 CVE-2021-22884 Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”.
network
high complexity
nodejs fedoraproject netapp oracle siemens
7.5
7.5
2021-03-03 CVE-2021-22883 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established.
network
low complexity
nodejs fedoraproject netapp oracle siemens CWE-772
7.5
7.5
2021-03-03 CVE-2021-22878 Cross-site Scripting vulnerability in multiple products
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
network
low complexity
nextcloud fedoraproject CWE-79
4.8
4.8
2021-03-03 CVE-2021-22877 Missing Authorization vulnerability in multiple products
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
network
low complexity
nextcloud fedoraproject CWE-862
6.5
6.5
2021-03-03 CVE-2020-8296 Weak Password Requirements vulnerability in multiple products
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
local
low complexity
nextcloud fedoraproject CWE-521
6.7
6.7
2021-03-03 CVE-2020-28591 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42.
network
low complexity
slic3r fedoraproject CWE-125
6.5
6.5