Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
5.5
2021-11-10 CVE-2020-23903 Divide By Zero vulnerability in multiple products
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
local
low complexity
xiph fedoraproject CWE-369
5.5
5.5
2021-11-09 CVE-2021-43519 Uncontrolled Recursion vulnerability in multiple products
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
local
low complexity
lua fedoraproject CWE-674
5.5
5.5
2021-11-03 CVE-2021-27836 NULL Pointer Dereference vulnerability in multiple products
An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.
network
low complexity
libxls-project fedoraproject CWE-476
6.5
6.5
2021-11-03 CVE-2020-27820 A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
local
high complexity
linux fedoraproject oracle
4.7
4.7
2021-10-28 CVE-2021-43056 An issue was discovered in the Linux kernel for powerpc before 5.14.15.
local
low complexity
linux fedoraproject
5.5
5.5
2021-10-27 CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
network
low complexity
isc debian fedoraproject netapp siemens oracle
5.3
5.3
2021-10-26 CVE-2021-41182 jQuery-UI is the official jQuery user interface library. 6.1
6.1
2021-10-26 CVE-2021-41183 jQuery-UI is the official jQuery user interface library. 6.1
6.1
2021-10-26 CVE-2021-41184 jQuery-UI is the official jQuery user interface library. 6.1
6.1