Vulnerabilities > Fedoraproject > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-29623 | Use of Uninitialized Resource vulnerability in multiple products Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. | 3.3 |
| 2021-05-13 | CVE-2020-14354 | Use After Free vulnerability in multiple products A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. | 3.3 |
| 2021-05-06 | CVE-2021-3501 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel in versions before 5.12. | 3.6 |
| 2021-05-05 | CVE-2021-25317 | Incorrect Default Permissions vulnerability in multiple products A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. | 3.3 |
| 2021-04-26 | CVE-2021-29473 | Out-of-bounds Read vulnerability in multiple products Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. | 2.5 |
| 2021-04-07 | CVE-2020-36314 | Link Following vulnerability in multiple products fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 3.9 |
| 2021-04-02 | CVE-2020-29623 | "Clear History and Website Data" did not clear the history. | 3.3 |
| 2021-04-01 | CVE-2021-22890 | Authentication Bypass by Spoofing vulnerability in multiple products curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. | 3.7 |
| 2021-04-01 | CVE-2021-28163 | Link Following vulnerability in multiple products In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | 2.7 |
| 2021-03-23 | CVE-2021-3392 | Use After Free vulnerability in multiple products A use-after-free flaw was found in the MegaRAID emulator of QEMU. | 3.2 |