Vulnerabilities > Fedoraproject > Fedora > 34
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-10 | CVE-2021-40839 | Infinite Loop vulnerability in multiple products The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. | 7.5 |
2021-09-08 | CVE-2021-40346 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | 7.5 |
2021-09-08 | CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. | 7.5 |
2021-09-08 | CVE-2021-22004 | Race Condition vulnerability in multiple products An issue was discovered in SaltStack Salt before 3003.3. | 6.4 |
2021-09-08 | CVE-2021-28701 | Race Condition vulnerability in multiple products Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. | 7.8 |
2021-09-07 | CVE-2020-19752 | NULL Pointer Dereference vulnerability in multiple products The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | 7.5 |
2021-09-07 | CVE-2021-33285 | Out-of-bounds Write vulnerability in multiple products In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. | 7.8 |
2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
2021-09-06 | CVE-2021-40530 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
2021-09-06 | CVE-2021-3770 | Heap-based Buffer Overflow vulnerability in multiple products vim is vulnerable to Heap-based Buffer Overflow | 7.8 |