Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-05 CVE-2021-31542 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
7.5
7.5
2021-05-04 CVE-2021-29478 Integer Overflow or Wraparound vulnerability in multiple products
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
network
low complexity
redislabs fedoraproject CWE-190
8.8
8.8
2021-05-04 CVE-2021-29477 Integer Overflow or Wraparound vulnerability in multiple products
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
network
low complexity
redislabs fedoraproject CWE-190
8.8
8.8
2021-04-30 CVE-2021-21227 Out-of-bounds Write vulnerability in multiple products
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
8.8
2021-04-30 CVE-2021-21233 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-787
8.8
8.8
2021-04-30 CVE-2021-21232 Use After Free vulnerability in multiple products
Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-04-30 CVE-2021-21231 Out-of-bounds Write vulnerability in multiple products
Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-787
8.8
8.8
2021-04-30 CVE-2021-21230 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-843
8.8
8.8
2021-04-30 CVE-2021-29464 Out-of-bounds Write vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject CWE-787
7.8
7.8
2021-04-29 CVE-2020-18032 Classic Buffer Overflow vulnerability in multiple products
Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
local
low complexity
graphviz debian fedoraproject CWE-120
7.8
7.8