Shodan
Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  Security Vulnerabilities
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVSS Score
9.8
EPSS Score
0.899
Published
2021-07-02
CVE-2021-36084
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVSS Score
3.3
EPSS Score
0.0
Published
2021-07-01
CVE-2021-36085
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVSS Score
3.3
EPSS Score
0.0
Published
2021-07-01
CVE-2021-36086
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVSS Score
3.3
EPSS Score
0.0
Published
2021-07-01
CVE-2021-36087
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
CVSS Score
3.3
EPSS Score
0.0
Published
2021-07-01
CVE-2021-3630
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.
CVSS Score
5.5
EPSS Score
0.003
Published
2021-06-30
CVE-2021-33503
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-06-29
CVE-2021-33515
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
CVSS Score
4.8
EPSS Score
0.036
Published
2021-06-28
CVE-2020-28200
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
CVSS Score
4.3
EPSS Score
0.01
Published
2021-06-28
CVE-2021-29157
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-06-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved