Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-20279 Cross-site Scripting vulnerability in multiple products
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
network
low complexity
moodle fedoraproject CWE-79
5.4
5.4
2021-03-15 CVE-2021-28363 Improper Certificate Validation vulnerability in multiple products
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies.
network
low complexity
python fedoraproject oracle CWE-295
6.5
6.5
2021-03-11 CVE-2021-28153 Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8.
network
low complexity
gnome debian fedoraproject broadcom CWE-59
5.3
5.3
2021-03-11 CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.
local
low complexity
golang fedoraproject
5.5
5.5
2021-03-10 CVE-2021-21334 In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers.
network
high complexity
linuxfoundation fedoraproject
6.3
6.3
2021-03-10 CVE-2021-20205 Divide By Zero vulnerability in multiple products
Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image.
network
low complexity
libjpeg-turbo fedoraproject CWE-369
6.5
6.5
2021-03-09 CVE-2021-28116 Out-of-bounds Read vulnerability in multiple products
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data.
network
low complexity
squid-cache fedoraproject debian CWE-125
5.3
5.3
2021-03-09 CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c.
local
low complexity
libtiff netapp fedoraproject redhat
5.5
5.5
2021-03-09 CVE-2020-35521 A flaw was found in libtiff.
local
low complexity
libtiff redhat fedoraproject netapp
5.5
5.5
2021-03-09 CVE-2021-20246 A flaw was found in ImageMagick in MagickCore/resample.c.
local
low complexity
imagemagick redhat fedoraproject debian
5.5
5.5