Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2021-30475 Classic Buffer Overflow vulnerability in multiple products
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
network
low complexity
aomedia fedoraproject CWE-120
critical
 9.8
9.8
2021-06-02 CVE-2021-25287 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Pillow before 8.2.0.
network
low complexity
python fedoraproject CWE-125
critical
 9.1
9.1
2021-06-02 CVE-2021-25288 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Pillow before 8.2.0.
network
low complexity
python fedoraproject CWE-125
critical
 9.1
9.1
2021-05-28 CVE-2021-32642 Injection vulnerability in multiple products
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports.
network
low complexity
uninett fedoraproject CWE-74
critical
 9.4
9.4
2021-05-28 CVE-2021-20236 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the ZeroMQ server in versions before 4.3.3.
network
low complexity
zeromq redhat fedoraproject CWE-787
critical
 9.8
9.8
2021-05-27 CVE-2021-31535 Classic Buffer Overflow vulnerability in multiple products
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code.
network
low complexity
x-org fedoraproject CWE-120
critical
 9.8
9.8
2021-05-25 CVE-2021-33574 Use After Free vulnerability in multiple products
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
network
low complexity
gnu fedoraproject netapp debian CWE-416
critical
 9.8
9.8
2021-05-14 CVE-2021-3402 An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.
network
low complexity
virustotal fedoraproject
critical
 9.1
9.1
2021-05-06 CVE-2021-20204 A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases.
network
low complexity
getdata-project debian fedoraproject
critical
 9.8
9.8
2021-05-06 CVE-2021-30473 Release of Invalid Pointer or Reference vulnerability in multiple products
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
network
low complexity
aomedia fedoraproject CWE-763
critical
 9.8
9.8