Vulnerabilities > Fedoraproject > Fedora > 34
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-19 | CVE-2021-32760 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products containerd is a container runtime. | 6.3 |
2021-07-16 | CVE-2021-32749 | Code Injection vulnerability in multiple products fail2ban is a daemon to ban hosts that cause multiple authentication errors. | 8.1 |
2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
2021-07-14 | CVE-2021-36740 | HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. network low complexity varnish-cache varnish-cache-project varnish-software fedoraproject debian CWE-444 | 6.5 |
2021-07-14 | CVE-2021-24119 | Information Exposure Through Discrepancy vulnerability in multiple products In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
2021-07-13 | CVE-2021-34552 | Classic Buffer Overflow vulnerability in multiple products Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 |
2021-07-12 | CVE-2021-32703 | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
2021-07-12 | CVE-2021-32705 | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 7.5 |
2021-07-12 | CVE-2021-32680 | Insufficient Logging vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 3.3 |
2021-07-12 | CVE-2021-32688 | Improper Authorization vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |