Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-19 CVE-2021-3181 Memory Leak vulnerability in multiple products
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).
network
low complexity
mutt debian fedoraproject CWE-401
6.5
6.5
2021-01-19 CVE-2021-3178 Path Traversal vulnerability in multiple products
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.
network
low complexity
linux fedoraproject debian CWE-22
6.5
6.5
2021-01-12 CVE-2020-25657 A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext.
network
high complexity
m2crypto-project redhat fedoraproject
5.9
5.9
2021-01-12 CVE-2020-35655 Out-of-bounds Read vulnerability in multiple products
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
network
low complexity
python fedoraproject CWE-125
5.4
5.4
2021-01-08 CVE-2020-25678 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text.
local
low complexity
redhat fedoraproject
4.4
4.4
2021-01-06 CVE-2020-8287 HTTP Request Smuggling vulnerability in multiple products
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields).
network
low complexity
nodejs debian fedoraproject oracle siemens CWE-444
6.5
6.5
2021-01-05 CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0.
local
low complexity
uclouvain fedoraproject debian oracle
5.5
5.5
2021-01-05 CVE-2020-27843 Out-of-bounds Read vulnerability in multiple products
A flaw was found in OpenJPEG in versions prior to 2.4.0. 		5.5
5.5
2021-01-05 CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0.
local
low complexity
uclouvain fedoraproject debian redhat oracle
5.5
5.5
2021-01-05 CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c.
local
low complexity
uclouvain fedoraproject debian oracle
5.5
5.5