Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2021-11-13 CVE-2021-43616 Insufficient Verification of Data Authenticity vulnerability in multiple products
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json.
network
low complexity
npmjs netapp fedoraproject CWE-345
critical
 9.8
9.8
2021-11-10 CVE-2020-23903 Divide By Zero vulnerability in multiple products
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
local
low complexity
xiph fedoraproject CWE-369
5.5
5.5
2021-11-09 CVE-2021-43519 Uncontrolled Recursion vulnerability in multiple products
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
local
low complexity
lua fedoraproject CWE-674
5.5
5.5
2021-11-08 CVE-2021-41771 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
network
low complexity
golang fedoraproject debian CWE-119
7.5
7.5
2021-11-08 CVE-2021-41772 Improper Input Validation vulnerability in multiple products
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
network
low complexity
golang fedoraproject oracle CWE-20
7.5
7.5
2021-11-08 CVE-2021-42072 Improper Authentication vulnerability in multiple products
An issue was discovered in Barrier before 2.4.0.
network
low complexity
barrier-project fedoraproject CWE-287
8.8
8.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2021-11-05 CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian
7.8
7.8
2021-11-05 CVE-2021-3928 vim is vulnerable to Use of Uninitialized Variable
local
low complexity
vim fedoraproject debian
7.8
7.8
2021-11-03 CVE-2021-27836 NULL Pointer Dereference vulnerability in multiple products
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
network
low complexity
libxls-project fedoraproject CWE-476
6.5
6.5