Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-08 CVE-2021-23351 The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function.
network
low complexity
go-proxyproto-project fedoraproject
4.9
2021-03-04 CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC.
local
low complexity
linux fedoraproject redhat
4.4
2021-03-03 CVE-2021-22878 Cross-site Scripting vulnerability in multiple products
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
network
low complexity
nextcloud fedoraproject CWE-79
4.8
2021-03-03 CVE-2021-22877 Missing Authorization vulnerability in multiple products
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
network
low complexity
nextcloud fedoraproject CWE-862
6.5
2021-03-03 CVE-2020-8296 Weak Password Requirements vulnerability in multiple products
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
local
low complexity
nextcloud fedoraproject CWE-521
6.7
2021-03-03 CVE-2020-28591 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42.
network
low complexity
slic3r fedoraproject CWE-125
6.5
2021-03-03 CVE-2021-20225 Out-of-bounds Write vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp CWE-787
6.7
2021-03-03 CVE-2020-27749 A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp
6.7
2021-02-27 CVE-2021-25284 Insufficiently Protected Credentials vulnerability in multiple products
An issue was discovered in through SaltStack Salt before 3002.5.
local
low complexity
saltstack fedoraproject debian CWE-522
4.4
2021-02-27 CVE-2020-28972 Improper Certificate Validation vulnerability in multiple products
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
network
high complexity
saltstack fedoraproject debian CWE-295
5.9