Vulnerabilities > Fedoraproject > Fedora > 34

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-02	CVE-2021-30556	Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2021-07-02	CVE-2021-30557	Use After Free vulnerability in multiple products Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. network low complexity google fedoraproject CWE-416	8.8
2021-07-02	CVE-2021-35197	Incorrect Authorization vulnerability in multiple products In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. network low complexity mediawiki debian fedoraproject CWE-863	7.5
2021-07-02	CVE-2021-35042	SQL Injection vulnerability in multiple products Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. network low complexity djangoproject fedoraproject CWE-89 critical	9.8
2021-06-30	CVE-2021-3630	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. local low complexity djvulibre-project debian fedoraproject CWE-787	5.5
2021-06-29	CVE-2021-33503	Resource Exhaustion vulnerability in multiple products An issue was discovered in urllib3 before 1.26.5. network low complexity python fedoraproject oracle CWE-400	7.5
2021-06-28	CVE-2020-28200	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. network low complexity dovecot fedoraproject CWE-770	4.3
2021-06-28	CVE-2021-33515	Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. network high complexity dovecot fedoraproject debian CWE-77	4.8
2021-06-28	CVE-2021-29157	Path Traversal vulnerability in multiple products Dovecot before 2.3.15 allows ../ Path Traversal. local low complexity dovecot fedoraproject CWE-22	5.5
2021-06-24	CVE-2021-32708	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Flysystem is an open source file storage library for PHP. network high complexity thephpleague fedoraproject CWE-367	8.1