Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-22 CVE-2021-3935 Improper Certificate Validation vulnerability in multiple products
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption.
network
high complexity
pgbouncer redhat fedoraproject debian CWE-295
8.1
8.1
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
8.8
2021-11-21 CVE-2021-28710 Improper Privilege Management vulnerability in multiple products
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs.
local
low complexity
xen fedoraproject CWE-269
8.8
8.8
2021-11-19 CVE-2021-21898 A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580.
network
low complexity
librecad debian fedoraproject
8.8
8.8
2021-11-19 CVE-2021-21899 A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580.
network
low complexity
librecad fedoraproject debian
8.8
8.8
2021-11-19 CVE-2021-21900 A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580.
network
low complexity
librecad debian fedoraproject
8.8
8.8
2021-11-19 CVE-2021-39921 NULL Pointer Dereference vulnerability in multiple products
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-476
7.5
7.5
2021-11-19 CVE-2021-39922 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-120
7.5
7.5
2021-11-19 CVE-2021-39924 Excessive Iteration vulnerability in multiple products
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-834
7.5
7.5
2021-11-19 CVE-2021-39925 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject debian CWE-120
7.5
7.5