Vulnerabilities > Fedoraproject > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-21 | CVE-2021-37220 | Out-of-bounds Write vulnerability in multiple products MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. | 5.5 |
| 2021-07-20 | CVE-2021-33910 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | 5.5 |
| 2021-07-20 | CVE-2021-36976 | Use After Free vulnerability in multiple products libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | 6.5 |
| 2021-07-20 | CVE-2021-36979 | Out-of-bounds Write vulnerability in multiple products Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb). | 5.5 |
| 2021-07-19 | CVE-2021-32760 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products containerd is a container runtime. | 6.3 |
| 2021-07-15 | CVE-2021-34558 | Improper Certificate Validation vulnerability in multiple products The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | 6.5 |
| 2021-07-14 | CVE-2021-36740 | HTTP Request Smuggling vulnerability in multiple products Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. network low complexity varnish-cache varnish-cache-project varnish-software fedoraproject debian CWE-444 | 6.5 |
| 2021-07-14 | CVE-2021-24119 | Information Exposure Through Discrepancy vulnerability in multiple products In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
| 2021-07-12 | CVE-2021-32703 | Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-07-12 | CVE-2021-32678 | Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |