Vulnerabilities > Fedoraproject > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-01-13 | CVE-2020-28374 | Path Traversal vulnerability in multiple products | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. | network; low complexity; linux fedoraproject debian; CWE-22; 8.1 |
| 2021-01-12 | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | | network; low complexity; microsoft fedoraproject; 7.5 |
| 2021-01-12 | CVE-2021-23240 | Link Following vulnerability in multiple products | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | local; low complexity; sudo-project netapp fedoraproject; CWE-59; 7.8 |
| 2021-01-12 | CVE-2020-35654 | Out-of-bounds Write vulnerability in multiple products | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | network; low complexity; python fedoraproject; CWE-787; 8.8 |
| 2021-01-12 | CVE-2020-35653 | Out-of-bounds Read vulnerability in multiple products | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | network; low complexity; python fedoraproject debian; CWE-125; 7.1 |
| 2021-01-11 | CVE-2020-35701 | SQL Injection vulnerability in multiple products | An issue was discovered in Cacti 1.2.x through 1.2.16. | network; low complexity; cacti fedoraproject; CWE-89; 8.8 |
| 2021-01-08 | CVE-2021-21116 | Out-of-bounds Write vulnerability in multiple products | Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network; low complexity; google fedoraproject debian; CWE-787; 8.8 |
| 2021-01-08 | CVE-2021-21114 | Use After Free vulnerability in multiple products | Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network; low complexity; google fedoraproject debian; CWE-416; 8.8 |
| 2021-01-08 | CVE-2021-21113 | Out-of-bounds Write vulnerability in multiple products | Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network; low complexity; google fedoraproject debian; CWE-787; 8.8 |
| 2021-01-08 | CVE-2021-21112 | Use After Free vulnerability in multiple products | Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | network; low complexity; google fedoraproject debian; CWE-416; 8.8 |