Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-27921 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5
7.5
2021-02-27 CVE-2021-3197 Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-74
critical
 9.8
9.8
2021-02-27 CVE-2021-3148 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-77
critical
 9.8
9.8
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject debian CWE-613
critical
 9.1
9.1
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
4.4
2021-02-27 CVE-2021-25283 Code Injection vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-94
critical
 9.8
9.8
2021-02-27 CVE-2021-25282 Path Traversal vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-22
critical
 9.1
9.1
2021-02-27 CVE-2021-25281 Improper Authentication vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
network
low complexity
saltstack fedoraproject debian CWE-287
critical
 9.8
9.8
2021-02-27 CVE-2020-35662 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
network
high complexity
saltstack fedoraproject debian CWE-295
7.4
7.4
2021-02-27 CVE-2020-28972 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
network
high complexity
saltstack fedoraproject debian CWE-295
5.9
5.9