Vulnerabilities > Fedoraproject

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-21 | CVE-2021-28965 | XXE vulnerability in multiple products. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. | network; low complexity; ruby-lang fedoraproject; CWE-611; 5.0 |
| 2021-04-20 | CVE-2021-29155 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in the Linux kernel through 5.11.x. | local; low complexity; linux fedoraproject; CWE-125; 2.1 |
| 2021-04-15 | CVE-2021-20288 | Improper Authentication vulnerability in multiple products. An authentication flaw was found in ceph in versions before 14.2.20. | network; low complexity; linuxfoundation redhat fedoraproject; CWE-287; 6.5 |
| 2021-04-15 | CVE-2021-3487 | Resource Exhaustion vulnerability in multiple products. There's a flaw in the BFD library of binutils in versions before 2.36. | 7.1 |
| 2021-04-14 | CVE-2021-31162 | Double Free vulnerability in multiple products. In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | network; low complexity; rust-lang fedoraproject; CWE-415; 7.5 |
| 2021-04-14 | CVE-2020-36323 | Use of Externally-Controlled Format String vulnerability in multiple products. In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | network; low complexity; rust-lang fedoraproject; CWE-134; 6.4 |
| 2021-04-11 | CVE-2021-28879 | Integer Overflow or Wraparound vulnerability in multiple products. In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. | network; low complexity; rust-lang fedoraproject; CWE-190; 7.5 |
| 2021-04-11 | CVE-2021-28878 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products. In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. | 4.3 |
| 2021-04-11 | CVE-2021-28876 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products. In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. | network; low complexity; rust-lang fedoraproject; CWE-119; 5.0 |
| 2021-04-09 | CVE-2021-30159 | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. | network; low complexity; mediawiki debian fedoraproject; 4.0 |