Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-39924 Excessive Iteration vulnerability in multiple products
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-834
7.5
7.5
2021-11-19 CVE-2021-39925 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-120
7.5
7.5
2021-11-19 CVE-2021-39926 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-120
7.5
7.5
2021-11-19 CVE-2021-39929 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-674
7.5
7.5
2021-11-19 CVE-2021-3968 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
network
low complexity
vim fedoraproject CWE-122
8.0
8.0
2021-11-19 CVE-2021-3973 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian CWE-122
7.8
7.8
2021-11-19 CVE-2021-3974 Use After Free vulnerability in multiple products
vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian CWE-416
7.8
7.8
2021-11-19 CVE-2021-44025 Cross-site Scripting vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
network
low complexity
roundcube fedoraproject debian CWE-79
6.1
6.1
2021-11-19 CVE-2021-44026 SQL Injection vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
network
low complexity
roundcube fedoraproject debian CWE-89
critical
 9.8
9.8
2021-11-18 CVE-2021-39920 NULL Pointer Dereference vulnerability in multiple products
NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject CWE-476
7.5
7.5