Vulnerabilities > Fedoraproject > Fedora > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-16 | CVE-2021-39275 | Out-of-bounds Write vulnerability in multiple products ap_escape_quotes() may write beyond the end of a buffer when given malicious input. | 9.8 |
| 2021-08-12 | CVE-2021-31556 | Improper Validation of Specified Quantity in Input vulnerability in multiple products An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. | 9.8 |
| 2021-08-12 | CVE-2021-20314 | Out-of-bounds Write vulnerability in multiple products Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. | 9.8 |
| 2021-08-07 | CVE-2021-38173 | Command Injection vulnerability in multiple products Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. | 9.8 |
| 2021-08-03 | CVE-2021-30571 | Incorrect Authorization vulnerability in multiple products Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2021-08-02 | CVE-2021-32810 | Race Condition vulnerability in multiple products crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. | 9.8 |
| 2021-07-13 | CVE-2021-34552 | Classic Buffer Overflow vulnerability in multiple products Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 |
| 2021-07-02 | CVE-2021-35042 | SQL Injection vulnerability in multiple products Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | 9.8 |
| 2021-06-11 | CVE-2021-22915 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. | 9.8 |
| 2021-06-10 | CVE-2021-34363 | Path Traversal vulnerability in multiple products The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | 9.1 |