Vulnerabilities > Fedoraproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-29 | CVE-2021-33503 | Resource Exhaustion vulnerability in multiple products An issue was discovered in urllib3 before 1.26.5. | 7.5 |
2021-06-28 | CVE-2020-28200 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | 4.3 |
2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
2021-06-28 | CVE-2021-29157 | Path Traversal vulnerability in multiple products Dovecot before 2.3.15 allows ../ Path Traversal. | 5.5 |
2021-06-24 | CVE-2021-32708 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Flysystem is an open source file storage library for PHP. | 8.1 |
2021-06-22 | CVE-2021-0561 | Out-of-bounds Write vulnerability in multiple products In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. | 5.5 |
2021-06-21 | CVE-2021-29063 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called. | 7.5 |
2021-06-18 | CVE-2020-18442 | Infinite Loop vulnerability in multiple products Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | 3.3 |
2021-06-17 | CVE-2021-34825 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. | 7.5 |
2021-06-17 | CVE-2021-3603 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). | 8.1 |