Vulnerabilities > Fedoraproject > Fedora > 35

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
debian apache fedoraproject tenable oracle
7.5
7.5
2021-08-13 CVE-2021-37695 ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor debian fedoraproject oracle
5.4
5.4
2021-08-12 CVE-2021-31556 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in the Oauth extension for MediaWiki through 1.35.2.
network
low complexity
mediawiki fedoraproject CWE-1284
critical
 9.8
9.8
2021-08-12 CVE-2021-32808 ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle
5.4
5.4
2021-08-12 CVE-2021-32809 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle CWE-79
5.4
5.4
2021-08-12 CVE-2021-38604 NULL Pointer Dereference vulnerability in multiple products
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference.
network
low complexity
gnu fedoraproject oracle CWE-476
7.5
7.5
2021-08-12 CVE-2021-20314 Out-of-bounds Write vulnerability in multiple products
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
network
low complexity
libspf2 redhat fedoraproject CWE-787
critical
 9.8
9.8
2021-08-12 CVE-2021-38593 Out-of-bounds Write vulnerability in multiple products
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
network
low complexity
qt fedoraproject CWE-787
7.5
7.5
2021-08-11 CVE-2021-0002 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.
local
low complexity
intel fedoraproject CWE-754
7.1
7.1
2021-08-08 CVE-2021-36221 Race Condition vulnerability in multiple products
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
network
high complexity
golang fedoraproject debian oracle siemens CWE-362
5.9
5.9