Vulnerabilities > Fedoraproject > Fedora > 34

DATE CVE VULNERABILITY TITLE RISK
2021-05-12 CVE-2020-27840 Out-of-bounds Read vulnerability in multiple products
A flaw was found in samba.
network
low complexity
samba debian fedoraproject CWE-125
7.5
7.5
2021-05-12 CVE-2021-20277 Out-of-bounds Write vulnerability in multiple products
A flaw was found in Samba's libldb.
network
low complexity
samba debian fedoraproject CWE-787
7.5
7.5
2021-05-11 CVE-2021-32606 Use After Free vulnerability in multiple products
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free.
local
low complexity
linux fedoraproject CWE-416
7.8
7.8
2021-05-11 CVE-2021-3504 Out-of-bounds Read vulnerability in multiple products
A flaw was found in the hivex library in versions before 1.3.20.
network
low complexity
redhat debian fedoraproject CWE-125
5.4
5.4
2021-05-11 CVE-2021-31204 .NET and Visual Studio Elevation of Privilege Vulnerability
local
low complexity
microsoft fedoraproject
7.3
7.3
2021-05-11 CVE-2021-29471 Insufficient Entropy vulnerability in multiple products
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).
network
low complexity
matrix fedoraproject CWE-331
5.3
5.3
2021-05-10 CVE-2021-32056 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
network
low complexity
cyrus fedoraproject CWE-732
4.3
4.3
2021-05-07 CVE-2021-21419 Resource Exhaustion vulnerability in multiple products
Eventlet is a concurrent networking library for Python.
network
low complexity
eventlet fedoraproject CWE-400
5.3
5.3
2021-05-06 CVE-2021-31829 Incorrect Authorization vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.
local
low complexity
linux fedoraproject debian CWE-863
5.5
5.5
2021-05-06 CVE-2021-32052 Cross-site Scripting vulnerability in multiple products
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used).
network
low complexity
djangoproject fedoraproject CWE-79
6.1
6.1