Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-02 CVE-2021-3281 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
network
low complexity
djangoproject fedoraproject netapp CWE-22
5.3
5.3
2021-02-01 CVE-2020-28493 Resource Exhaustion vulnerability in multiple products
This affects the package jinja2 from 0.0.0 and before 2.11.3.
network
low complexity
palletsprojects fedoraproject CWE-400
5.3
5.3
2021-01-27 CVE-2021-3272 Out-of-bounds Read vulnerability in multiple products
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
local
low complexity
jasper-project fedoraproject CWE-125
5.5
5.5
2021-01-26 CVE-2021-3308 An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x.
local
low complexity
xen fedoraproject
5.5
5.5
2021-01-26 CVE-2021-3114 Incorrect Calculation vulnerability in multiple products
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
network
low complexity
golang fedoraproject debian netapp CWE-682
6.5
6.5
2021-01-20 CVE-2020-25687 A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian
5.9
5.9
2021-01-20 CVE-2020-25683 A flaw was found in dnsmasq before version 2.83.
network
high complexity
thekelleys fedoraproject debian
5.9
5.9
2021-01-19 CVE-2020-14410 Out-of-bounds Read vulnerability in multiple products
SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.
network
low complexity
libsdl debian fedoraproject CWE-125
5.4
5.4
2021-01-19 CVE-2021-3181 Memory Leak vulnerability in multiple products
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
network
low complexity
mutt debian fedoraproject CWE-401
6.5
6.5
2021-01-19 CVE-2021-3178 Path Traversal vulnerability in multiple products
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.
network
low complexity
linux fedoraproject debian CWE-22
6.5
6.5