Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-22004 Race Condition vulnerability in multiple products
An issue was discovered in SaltStack Salt before 3003.3.
local
high complexity
saltstack fedoraproject CWE-362
6.4
2021-09-06 CVE-2021-40529 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
botan-project fedoraproject mozilla CWE-327
5.9
2021-09-06 CVE-2021-40530 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.
network
high complexity
cryptopp fedoraproject CWE-327
5.9
2021-09-03 CVE-2021-30615 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
network
low complexity
fedoraproject microsoft
6.5
2021-09-03 CVE-2021-30617 Chromium: CVE-2021-30617 Policy bypass in Blink
network
low complexity
fedoraproject microsoft
6.5
2021-09-03 CVE-2021-30619 Authentication Bypass by Spoofing vulnerability in multiple products
Chromium: CVE-2021-30619 UI Spoofing in Autofill
network
low complexity
fedoraproject microsoft CWE-290
6.5
2021-09-03 CVE-2021-30621 Authentication Bypass by Spoofing vulnerability in multiple products
Chromium: CVE-2021-30621 UI Spoofing in Autofill
network
low complexity
fedoraproject microsoft CWE-290
6.5
2021-09-03 CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider.
network
low complexity
openidc fedoraproject debian
6.1
2021-08-31 CVE-2021-3634 Out-of-bounds Write vulnerability in multiple products
A flaw has been found in libssh in versions prior to 0.9.6.
6.5
2021-08-30 CVE-2021-34434 Incorrect Authorization vulnerability in multiple products
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked.
network
low complexity
eclipse fedoraproject CWE-863
5.3