Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
 9.8
9.8
2021-03-23 CVE-2021-21351 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-434
critical
 9.1
9.1
2021-03-23 CVE-2021-21350 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-434
critical
 9.8
9.8
2021-03-23 CVE-2021-21347 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-434
critical
 9.8
9.8
2021-03-23 CVE-2021-21346 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-434
critical
 9.8
9.8
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-78
critical
 9.9
9.9
2021-03-23 CVE-2021-21344 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-434
critical
 9.8
9.8
2021-03-23 CVE-2021-21342 Deserialization of Untrusted Data vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
netapp apache debian fedoraproject oracle CWE-502
critical
 9.1
9.1
2021-03-19 CVE-2019-10196 A flaw was found in http-proxy-agent, prior to version 2.1.0.
network
low complexity
http-proxy-agent-project fedoraproject redhat
critical
 9.8
9.8
2021-03-19 CVE-2021-28834 Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
network
low complexity
kramdown-project fedoraproject debian
critical
 9.8
9.8