fedoraproject

5,423 tracked vulnerabilities.

CVE-2021-32617 MEDIUM
exiv2 < 0.27.4 - Denial of Service via Crafted Image Metadata Writing
May 17, 2021
CVSS 4.7
EPSS 0.01
CVE-2021-3524 MEDIUM
Red Hat Ceph Storage RadosGW <14.2.21 - HTTP Header Injection
May 17, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-33034 HIGH
Linux kernel <5.12.4 - Use After Free
May 14, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-3402 CRITICAL
YARA < 4.0.4 - Integer Overflow and Buffer Overflow Read via Malicious Mach-O File
May 14, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-3537 MEDIUM
libxml2 < 2.9.11 - NULL Pointer Dereference via XML Mixed Content Parsing
May 14, 2021
CVSS 5.9
EPSS 0.04
CVE-2021-32613 MEDIUM
radare2 < 5.3.0 - Double Free in pyc Parser
May 14, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-29510 LOW
pydantic < 1.6.2 - Denial of Service via Infinite Loop in DateTime Validation
May 13, 2021
CVSS 3.3
EPSS 0.01
CVE-2021-29623 LOW
exiv2 < 0.27.4 - Use of Uninitialized Resource via Crafted Image File
May 13, 2021
CVSS 3.6
EPSS 0.01
CVE-2021-32921 MEDIUM
prosody < 0.11.9 - Timing Attack via Non-Constant-Time String Comparison
May 13, 2021
CVSS 5.9
EPSS 0.02
CVE-2021-32920 HIGH
prosody < 0.11.9 - Unauthenticated Denial of Service via SSL/TLS Renegotiation Flood
May 13, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-32919 HIGH
prosody 0.10.0-0.11.8 - Improper Certificate Validation in mod_dialback
May 13, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-32918 HIGH
prosody < 0.11.9 - Unauthenticated Denial of Service via Memory Exhaustion
May 13, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-32917 MEDIUM
prosody < 0.11.9 - Unauthenticated Bandwidth Abuse via proxy65 Component
May 13, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-21424 MEDIUM
Symfony 3.4.0-3.4.48 - Unauthorized User Enumeration via Switch User Functionality
May 13, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-31215 HIGH
Slurm <20.02.7 & 20.03.x-20.11.x<20.11.7 RCE via PrologSlurmctld/EpilogSlurmctld
May 13, 2021
CVSS 8.8
EPSS 0.03
CVE-2021-23134 HIGH
Linux Kernel <5.12.4 - Privilege Escalation
May 12, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-20277 HIGH
Samba 4.0.0-4.12.12 - Denial of Service via LDAP Attribute with Leading Spaces
May 12, 2021
CVSS 7.5
EPSS 0.04
CVE-2021-3504 MEDIUM
hivex < 1.3.20 - Out-of-bounds Read in hivex_open Function
May 11, 2021
CVSS 5.4
EPSS 0.02
CVE-2021-32606 HIGH
Linux Kernel 5.11-5.12.2 - Use-After-Free in CAN ISOTP Setsockopt
May 11, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-31204 HIGH
.NET 5.0-5.0.4 and .NET Core 3.1-3.1.13 - Elevation of Privilege
May 11, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-29471 LOW
Synapse < 1.33.2 - Denial of Service via Push Rule Event Match Pattern
May 11, 2021
CVSS 3.7
EPSS 0.02
CVE-2021-32056 MEDIUM
Cyrus IMAP < 3.2.7 and 3.3.x-3.4.x < 3.4.1 - Authenticated Access Control Bypass via Server Annotations
May 10, 2021
CVSS 4.3
EPSS 0.02
CVE-2021-21419 MEDIUM
eventlet >=0.10 <0.31.0 - Uncontrolled Resource Consumption via WebSocket Frame
May 07, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-32052 MEDIUM
Django 2.2-2.2.21, 3.1-3.1.9, 3.2-3.2.1 - Header Injection via URLValidator
May 06, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-31829 MEDIUM
Linux Kernel < 5.12.1 - Information Disclosure via BPF Stack Speculative Loads
May 06, 2021
CVSS 5.5
EPSS 0.00