Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2021-23336 HTTP Request Smuggling vulnerability in multiple products
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. 		5.9
5.9
2021-02-11 CVE-2019-19005 Double Free vulnerability in multiple products
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image.
local
low complexity
autotrace-project fedoraproject CWE-415
7.8
7.8
2021-02-11 CVE-2019-19004 Integer Overflow or Wraparound vulnerability in multiple products
A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.
local
low complexity
autotrace-project fedoraproject CWE-190
3.3
3.3
2021-02-10 CVE-2020-13578 NULL Pointer Dereference vulnerability in multiple products
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.
network
low complexity
genivia fedoraproject CWE-476
7.5
7.5
2021-02-10 CVE-2020-13577 NULL Pointer Dereference vulnerability in multiple products
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.
network
low complexity
genivia fedoraproject CWE-476
7.5
7.5
2021-02-10 CVE-2020-13576 Integer Overflow or Wraparound vulnerability in multiple products
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107.
network
low complexity
genivia fedoraproject CWE-190
critical
 9.8
9.8
2021-02-10 CVE-2020-13575 NULL Pointer Dereference vulnerability in multiple products
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107.
network
low complexity
genivia fedoraproject CWE-476
7.5
7.5
2021-02-10 CVE-2020-13574 NULL Pointer Dereference vulnerability in multiple products
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.
network
low complexity
genivia fedoraproject CWE-476
7.5
7.5
2021-02-10 CVE-2021-0326 Out-of-bounds Write vulnerability in multiple products
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. 		7.5
7.5
2021-02-05 CVE-2020-36241 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome fedoraproject CWE-59
5.5
5.5