Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-3673 | Unchecked Return Value vulnerability in multiple products A vulnerability was found in Radare2 in version 5.3.1. | 7.5 |
| 2021-08-02 | CVE-2021-34556 | Information Exposure Through Discrepancy vulnerability in multiple products In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | 5.5 |
| 2021-08-02 | CVE-2021-35477 | Information Exposure Through Discrepancy vulnerability in multiple products In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. | 5.5 |
| 2021-07-30 | CVE-2021-37746 | Open Redirect vulnerability in multiple products textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. | 6.1 |
| 2021-07-30 | CVE-2021-32610 | Link Following vulnerability in multiple products In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | 7.1 |
| 2021-07-30 | CVE-2021-36386 | Missing Initialization of Resource vulnerability in multiple products report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. | 7.5 |
| 2021-07-28 | CVE-2021-23414 | Cross-site Scripting vulnerability in multiple products This affects the package video.js before 7.14.3. | 6.1 |
| 2021-07-26 | CVE-2021-37576 | Out-of-bounds Write vulnerability in multiple products arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | 7.8 |
| 2021-07-26 | CVE-2021-31292 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. | 7.5 |
| 2021-07-26 | CVE-2021-32791 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 5.9 |