Vulnerabilities > Fedoraproject > Fedora > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-28658 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
5.3
5.3
2021-04-06 CVE-2021-30158 Improper Authentication vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-287
5.3
5.3
2021-04-06 CVE-2021-30157 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
6.1
2021-04-06 CVE-2021-30154 Cross-site Scripting vulnerability in multiple products
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.
network
low complexity
mediawiki debian fedoraproject CWE-79
6.1
6.1
2021-04-02 CVE-2021-1801 This issue was addressed with improved iframe sandbox enforcement.
network
low complexity
apple fedoraproject webkitgtk
6.5
6.5
2021-04-02 CVE-2021-1799 A port redirection issue was addressed with additional port validation.
network
low complexity
apple fedoraproject webkitgtk
6.5
6.5
2021-04-02 CVE-2021-1765 This issue was addressed with improved iframe sandbox enforcement.
network
low complexity
apple fedoraproject webkitgtk
6.5
6.5
2021-04-01 CVE-2021-3447 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode.
local
low complexity
redhat fedoraproject
5.5
5.5
2021-04-01 CVE-2021-22876 Information Exposure vulnerability in multiple products
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. 		5.3
5.3
2021-04-01 CVE-2021-20291 A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1.
network
low complexity
storage-project redhat fedoraproject
6.5
6.5