Vulnerabilities > Fedoraproject > Fedora > 34
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-15 | CVE-2021-23336 | HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. | 5.9 |
2021-02-11 | CVE-2019-19005 | Double Free vulnerability in multiple products A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. | 7.8 |
2021-02-11 | CVE-2019-19004 | Integer Overflow or Wraparound vulnerability in multiple products A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image. | 3.3 |
2021-02-10 | CVE-2020-13578 | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2020-13577 | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2020-13576 | Integer Overflow or Wraparound vulnerability in multiple products A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. | 9.8 |
2021-02-10 | CVE-2020-13575 | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2020-13574 | NULL Pointer Dereference vulnerability in multiple products A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. | 7.5 |
2021-02-10 | CVE-2021-0326 | Out-of-bounds Write vulnerability in multiple products In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. | 7.5 |
2021-02-05 | CVE-2020-36241 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | 5.5 |