Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-09-10 CVE-2021-40839 Infinite Loop vulnerability in multiple products
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
network
low complexity
rencode-project fedoraproject CWE-835
7.5
7.5
2021-09-08 CVE-2021-40346 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
network
low complexity
haproxy debian fedoraproject CWE-190
7.5
7.5
2021-09-08 CVE-2021-21996 An issue was discovered in SaltStack Salt before 3003.3.
network
high complexity
saltstack fedoraproject debian
7.5
7.5
2021-09-08 CVE-2021-22004 Race Condition vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3003.3.
local
high complexity
saltstack fedoraproject CWE-362
6.4
6.4
2021-09-08 CVE-2021-28701 Race Condition vulnerability in multiple products
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
local
high complexity
xen debian fedoraproject CWE-362
7.8
7.8
2021-09-07 CVE-2020-19752 NULL Pointer Dereference vulnerability in multiple products
The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
network
low complexity
lcdf fedoraproject CWE-476
7.5
7.5
2021-09-07 CVE-2021-33285 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service.
local
low complexity
tuxera redhat fedoraproject debian CWE-787
7.8
7.8
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project fedoraproject mozilla CWE-327
5.9
5.9
2021-09-06 CVE-2021-40530 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
cryptopp fedoraproject CWE-327
5.9
5.9
2021-09-06 CVE-2021-3770 Heap-based Buffer Overflow vulnerability in multiple products
vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject netapp CWE-122
7.8
7.8