Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-27 CVE-2020-28243 Command Injection vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-77
7.8
7.8
2021-02-26 CVE-2021-27803 A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
high complexity
w1-fi fedoraproject debian
7.5
7.5
2021-02-24 CVE-2020-11988 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser.
network
low complexity
apache fedoraproject CWE-918
8.2
8.2
2021-02-24 CVE-2020-11987 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel.
network
low complexity
apache fedoraproject oracle debian CWE-918
8.2
8.2
2021-02-24 CVE-2020-28599 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2.
local
low complexity
openscad fedoraproject CWE-787
7.8
7.8
2021-02-23 CVE-2021-3410 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in libcaca v0.99.beta19. 		7.8
7.8
2021-02-23 CVE-2021-20247 Path Traversal vulnerability in multiple products
A flaw was found in mbsync before v1.3.5 and v1.4.1.
network
high complexity
mbsync-project debian fedoraproject CWE-22
7.4
7.4
2021-02-23 CVE-2021-26926 A flaw was found in jasper before 2.0.25.
local
low complexity
jasper-project fedoraproject
7.1
7.1
2021-02-22 CVE-2021-21157 Use After Free vulnerability in multiple products
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
microsoft fedoraproject google CWE-416
8.8
8.8
2021-02-22 CVE-2021-21156 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script.
network
low complexity
google fedoraproject CWE-787
8.8
8.8