Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-16 | CVE-2021-34798 | NULL Pointer Dereference vulnerability in multiple products Malformed requests may cause the server to dereference a NULL pointer. | 7.5 |
| 2021-09-16 | CVE-2021-36160 | Out-of-bounds Read vulnerability in multiple products A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). | 7.5 |
| 2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | 9.8 |
| 2021-09-16 | CVE-2021-40438 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. | 9.0 |
| 2021-09-15 | CVE-2021-3796 | vim is vulnerable to Use After Free | 7.3 |
| 2021-09-15 | CVE-2021-3778 | vim is vulnerable to Heap-based Buffer Overflow | 7.8 |
| 2021-09-10 | CVE-2021-40839 | Infinite Loop vulnerability in multiple products The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. | 7.5 |
| 2021-09-08 | CVE-2021-40346 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. | 7.5 |
| 2021-09-08 | CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. | 8.8 |
| 2021-09-08 | CVE-2021-21996 | An issue was discovered in SaltStack Salt before 3003.3. | 7.5 |