Vulnerabilities > Fedoraproject > Fedora > 34
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical | 10.0 |
| 2021-12-08 | CVE-2021-4048 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. network low complexity lapack-project openblas-project julialang redhat fedoraproject CWE-125 critical | 9.1 |
| 2021-12-07 | CVE-2021-44686 | Resource Exhaustion vulnerability in multiple products calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. | 7.5 |
| 2021-12-06 | CVE-2021-4069 | Use After Free vulnerability in multiple products vim is vulnerable to Use After Free | 7.8 |
| 2021-12-01 | CVE-2021-3984 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
| 2021-12-01 | CVE-2021-4019 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
| 2021-11-29 | CVE-2021-3802 | Improper Input Validation vulnerability in multiple products A vulnerability found in udisks2. | 6.3 |
| 2021-11-26 | CVE-2021-44225 | In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. | 5.4 |
| 2021-11-24 | CVE-2021-41270 | Improper Neutralization of Formula Elements in a CSV File vulnerability in multiple products Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. | 6.5 |
| 2021-11-24 | CVE-2021-28705 | Improper Handling of Exceptional Conditions vulnerability in multiple products issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. | 7.8 |