Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-20 CVE-2021-28950 Excessive Iteration vulnerability in multiple products
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8.
local
low complexity
linux fedoraproject debian CWE-834
5.5
5.5
2021-03-19 CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache fedoraproject oracle
5.5
5.5
2021-03-19 CVE-2021-27807 Excessive Iteration vulnerability in multiple products
A carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache fedoraproject oracle CWE-834
5.5
5.5
2021-03-19 CVE-2021-28090 Reachable Assertion vulnerability in multiple products
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
network
low complexity
torproject fedoraproject CWE-617
5.3
5.3
2021-03-18 CVE-2021-3416 A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0.
local
low complexity
qemu fedoraproject redhat debian
6.0
6.0
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
5.5
5.5
2021-03-15 CVE-2021-20283 Missing Authorization vulnerability in multiple products
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3
2021-03-15 CVE-2021-20282 When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject
5.3
5.3
2021-03-15 CVE-2021-20281 Incorrect Authorization vulnerability in multiple products
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-863
5.3
5.3
2021-03-15 CVE-2021-20280 Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject
5.4
5.4