Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK

2021-03-03 CVE-2021-27921 Improper Input Validation vulnerability in multiple products
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
network
low complexity
python fedoraproject CWE-20
7.5

2021-02-27 CVE-2020-35662 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
network
high complexity
saltstack fedoraproject debian CWE-295
7.4

2021-02-27 CVE-2020-28243 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-77
7.8

2021-02-26 CVE-2021-27803 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
high complexity
w1-fi fedoraproject debian
7.5

2021-02-24 CVE-2020-11988 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser.
network
low complexity
apache fedoraproject CWE-918
8.2

2021-02-24 CVE-2020-11987 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel.
network
low complexity
apache fedoraproject oracle debian CWE-918
8.2

2021-02-24 CVE-2020-28599 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2.
local
low complexity
openscad fedoraproject CWE-787
7.8

2021-02-23 CVE-2021-3410 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in libcaca v0.99.beta19.
7.8

2021-02-23 CVE-2021-20247 Path Traversal vulnerability in multiple products
A flaw was found in mbsync before v1.3.5 and v1.4.1.
network
high complexity
mbsync-project debian fedoraproject CWE-22
7.4

2021-02-23 CVE-2021-26926 A flaw was found in jasper before 2.0.25.
local
low complexity
jasper-project fedoraproject
7.1