VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Fedoraproject
>
Fedora
> 37
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2022-01-10
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty
debian
fedoraproject
8.8
8.8
2022-01-01
CVE-2021-45958
Out-of-bounds Write vulnerability in multiple products
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode).
local
low complexity
ultrajson-project
debian
fedoraproject
CWE-787
5.5
5.5
2021-12-21
CVE-2021-45450
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm
fedoraproject
CWE-327
7.5
7.5
2021-12-21
CVE-2021-45451
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm
fedoraproject
CWE-327
7.5
7.5
2021-11-17
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor
drupal
oracle
fedoraproject
5.4
5.4
2021-11-05
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp
fedoraproject
debian
critical
9.8
9.8
2021-09-08
CVE-2021-21897
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0.
network
low complexity
ribbonsoft
fedoraproject
debian
8.8
8.8
2021-08-24
CVE-2021-38714
Integer Overflow or Wraparound vulnerability in multiple products
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution.
network
low complexity
plib-project
debian
fedoraproject
CWE-190
8.8
8.8
2021-07-28
CVE-2021-23414
Cross-site Scripting vulnerability in multiple products
This affects the package video.js before 7.14.3.
network
low complexity
videojs
fedoraproject
CWE-79
6.1
6.1
«
Previous
1
2
...
62
63
64
65
66
(current)
»