Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-21 CVE-2021-42715 Infinite Loop vulnerability in multiple products
An issue was discovered in stb stb_image.h 1.33 through 2.27.
local
low complexity
nothings fedoraproject debian CWE-835
5.5
2021-10-21 CVE-2021-42327 Out-of-bounds Write vulnerability in multiple products
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem.
local
low complexity
linux fedoraproject netapp CWE-787
6.7
2021-10-20 CVE-2021-42762 BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace.
local
low complexity
webkitgtk wpewebkit fedoraproject debian
5.3
2021-10-20 CVE-2021-35604 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
network
low complexity
oracle netapp fedoraproject mariadb
5.5
2021-10-20 CVE-2021-42739 Out-of-bounds Write vulnerability in multiple products
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
6.7
2021-10-19 CVE-2021-3746 A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers.
network
low complexity
libtpms-project fedoraproject redhat
6.5
2021-10-15 CVE-2021-3875 vim is vulnerable to Heap-based Buffer Overflow
local
low complexity
vim fedoraproject
5.5
2021-10-11 CVE-2021-41798 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.36.2 allows XSS.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
2021-10-11 CVE-2021-41800 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
5.3
2021-10-08 CVE-2021-37958 Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.
network
low complexity
google fedoraproject debian
5.4