Vulnerabilities > Fedoraproject > Fedora
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products A carefully crafted PDF file can trigger an infinite loop while loading the file. | 5.5 |
| 2021-03-19 | CVE-2021-28834 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | 9.8 |
| 2021-03-19 | CVE-2021-28831 | Improper Handling of Exceptional Conditions vulnerability in multiple products decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | 7.5 |
| 2021-03-19 | CVE-2021-28090 | Reachable Assertion vulnerability in multiple products Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | 5.3 |
| 2021-03-19 | CVE-2021-28089 | Resource Exhaustion vulnerability in multiple products Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | 7.5 |
| 2021-03-19 | CVE-2020-25097 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. | 8.6 |
| 2021-03-18 | CVE-2021-3416 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. | 6.0 |
| 2021-03-18 | CVE-2020-26797 | Out-of-bounds Write vulnerability in multiple products Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | 7.5 |
| 2021-03-18 | CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. | 7.5 |
| 2021-03-17 | CVE-2021-28660 | Out-of-bounds Write vulnerability in multiple products rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. | 8.8 |