Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-31829 Incorrect Authorization vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a.
local
low complexity
linux fedoraproject debian CWE-863
5.5
5.5
2021-05-06 CVE-2021-32052 Cross-site Scripting vulnerability in multiple products
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used).
network
low complexity
djangoproject fedoraproject CWE-79
6.1
6.1
2021-05-06 CVE-2021-32062 Path Traversal vulnerability in multiple products
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).
network
low complexity
osgeo fedoraproject CWE-22
5.3
5.3
2021-05-05 CVE-2021-20254 A flaw was found in samba.
network
high complexity
samba fedoraproject redhat debian
6.8
6.8
2021-04-30 CVE-2021-21229 Origin Validation Error vulnerability in multiple products
Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
6.5
6.5
2021-04-30 CVE-2021-21228 Incorrect Authorization vulnerability in multiple products
Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
network
low complexity
google debian fedoraproject CWE-863
4.3
4.3
2021-04-30 CVE-2021-29463 Out-of-bounds Read vulnerability in multiple products
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files.
local
low complexity
exiv2 fedoraproject CWE-125
5.5
5.5
2021-04-30 CVE-2021-20266 A flaw was found in RPM's hdrblobInit() in lib/header.c.
network
low complexity
rpm fedoraproject
4.9
4.9
2021-04-29 CVE-2020-15225 django-filter is a generic system for filtering Django QuerySets based on user selections.
network
low complexity
django-filter-project fedoraproject
6.5
6.5
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5
6.5