Vulnerabilities > Fedoraproject > Fedora > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-3796 vim is vulnerable to Use After Free
local
low complexity
vim fedoraproject debian netapp
7.3
7.3
2021-09-15 CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject debian netapp
7.8
7.8
2021-09-10 CVE-2021-40839 Infinite Loop vulnerability in multiple products
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
network
low complexity
rencode-project fedoraproject CWE-835
7.5
7.5
2021-09-08 CVE-2021-40346 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
network
low complexity
haproxy debian fedoraproject CWE-190
7.5
7.5
2021-09-08 CVE-2021-21897 A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0.
network
low complexity
ribbonsoft fedoraproject debian
8.8
8.8
2021-09-08 CVE-2021-21996 An issue was discovered in SaltStack Salt before 3003.3.
network
high complexity
saltstack fedoraproject debian
7.5
7.5
2021-09-08 CVE-2021-28701 Race Condition vulnerability in multiple products
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
local
high complexity
xen debian fedoraproject CWE-362
7.8
7.8
2021-09-07 CVE-2020-19752 NULL Pointer Dereference vulnerability in multiple products
The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
network
low complexity
lcdf fedoraproject CWE-476
7.5
7.5
2021-09-07 CVE-2021-33287 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
7.8
2021-09-07 CVE-2021-35266 Out-of-bounds Write vulnerability in multiple products
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution.
local
low complexity
tuxera debian fedoraproject CWE-787
7.8
7.8