Vulnerabilities > Fedoraproject > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS / CWE | RISK |
|---|---|---|---|---|---|
| 2021-08-03 | CVE-2021-30571 | Incorrect Authorization vulnerability in multiple products | Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. | google fedoraproject CWE-863 | network, low complexity, critical, 9.6 |
| 2021-08-02 | CVE-2021-32810 | | crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. | crossbeam-project fedoraproject | network, low complexity, critical, 9.8 |
| 2021-07-13 | CVE-2021-34552 | Classic Buffer Overflow vulnerability in multiple products | Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | python debian fedoraproject CWE-120 | network, low complexity, critical, 9.8 |
| 2021-07-02 | CVE-2021-35042 | SQL Injection vulnerability in multiple products | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. | djangoproject fedoraproject CWE-89 | network, low complexity, critical, 9.8 |
| 2021-06-11 | CVE-2021-22915 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. | nextcloud fedoraproject CWE-307 | network, low complexity, critical, 9.8 |
| 2021-06-10 | CVE-2021-34363 | Path Traversal vulnerability in multiple products | The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | the-fuck-project fedoraproject CWE-22 | network, low complexity, critical, 9.1 |
| 2021-06-10 | CVE-2021-26691 | Out-of-bounds Write vulnerability in multiple products | In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | apache debian fedoraproject oracle netapp CWE-787 | network, low complexity, critical, 9.8 |
| 2021-06-04 | CVE-2021-30475 | Classic Buffer Overflow vulnerability in multiple products | aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow. | aomedia fedoraproject CWE-120 | network, low complexity, critical, 9.8 |
| 2021-06-02 | CVE-2021-25287 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in Pillow before 8.2.0. | python fedoraproject CWE-125 | network, low complexity, critical, 9.1 |
| 2021-06-02 | CVE-2021-25288 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in Pillow before 8.2.0. | python fedoraproject CWE-125 | network, low complexity, critical, 9.1 |