Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-36979 Out-of-bounds Write vulnerability in multiple products
Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).
local
low complexity
unicorn-engine fedoraproject CWE-787
5.5
2021-07-19 CVE-2021-32760 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
containerd is a container runtime.
network
low complexity
linuxfoundation fedoraproject CWE-732
6.3
2021-07-16 CVE-2021-32749 Code Injection vulnerability in multiple products
fail2ban is a daemon to ban hosts that cause multiple authentication errors.
network
high complexity
fail2ban fedoraproject CWE-94
8.1
2021-07-15 CVE-2021-34558 Improper Certificate Validation vulnerability in multiple products
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
network
low complexity
golang fedoraproject netapp oracle CWE-295
6.5
2021-07-14 CVE-2021-36740 HTTP Request Smuggling vulnerability in multiple products
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request.
6.5
2021-07-14 CVE-2021-24119 Information Exposure Through Discrepancy vulnerability in multiple products
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
arm fedoraproject debian CWE-203
4.9
2021-07-13 CVE-2021-34552 Classic Buffer Overflow vulnerability in multiple products
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
network
low complexity
python debian fedoraproject CWE-120
critical
9.8
2021-07-12 CVE-2021-32703 Improper Control of Interaction Frequency vulnerability in multiple products
Nextcloud Server is a Nextcloud package that handles data storage.
network
low complexity
nextcloud fedoraproject CWE-799
5.3
2021-07-12 CVE-2021-32705 Improper Control of Interaction Frequency vulnerability in multiple products
Nextcloud Server is a Nextcloud package that handles data storage.
network
low complexity
nextcloud fedoraproject CWE-799
7.5
2021-07-12 CVE-2021-32680 Insufficient Logging vulnerability in multiple products
Nextcloud Server is a Nextcloud package that handles data storage.
local
low complexity
nextcloud fedoraproject CWE-778
3.3