Vulnerabilities > Fedoraproject > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2021-22004 | Race Condition vulnerability in multiple products An issue was discovered in SaltStack Salt before 3003.3. | 6.4 |
2021-09-06 | CVE-2021-40529 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
2021-09-06 | CVE-2021-40530 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. | 5.9 |
2021-09-03 | CVE-2021-30615 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | 6.5 |
2021-09-03 | CVE-2021-30617 | Chromium: CVE-2021-30617 Policy bypass in Blink | 6.5 |
2021-09-03 | CVE-2021-30619 | Authentication Bypass by Spoofing vulnerability in multiple products Chromium: CVE-2021-30619 UI Spoofing in Autofill | 6.5 |
2021-09-03 | CVE-2021-30621 | Authentication Bypass by Spoofing vulnerability in multiple products Chromium: CVE-2021-30621 UI Spoofing in Autofill | 6.5 |
2021-09-03 | CVE-2021-39191 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. | 6.1 |
2021-08-31 | CVE-2021-3634 | Out-of-bounds Write vulnerability in multiple products A flaw has been found in libssh in versions prior to 0.9.6. | 6.5 |
2021-08-30 | CVE-2021-34434 | Incorrect Authorization vulnerability in multiple products In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | 5.3 |