Vulnerabilities (CVE)

Total 171162 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30623 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30623 Use after free in Bookmarks
CVE-2021-30622 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVE-2021-30621 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVE-2021-30620 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVE-2021-30619 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVE-2021-30618 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVE-2021-30617 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-30616 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30616 Use after free in Media
CVE-2021-30615 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVE-2021-30614 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVE-2021-30613 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30613 Use after free in Base internals
CVE-2021-30612 3 Fedoraproject, Google, Linux 4 Fedora, Chrome, Chrome Os and 1 more 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30612 Use after free in WebRTC
CVE-2021-30611 3 Fedoraproject, Google, Linux 4 Fedora, Chrome, Chrome Os and 1 more 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30611 Use after free in WebRTC
CVE-2021-30610 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30610 Use after free in Extensions API
CVE-2021-30609 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30609 Use after free in Sign-In
CVE-2021-30608 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30608 Use after free in Web Share
CVE-2021-30607 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-30606 2 Fedoraproject, Google 2 Fedora, Chrome 2021-09-24 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30606 Use after free in Blink
CVE-2021-39164 2 Fedoraproject, Matrix 2 Fedora, Synapse 2021-09-24 3.5 LOW 3.1 LOW
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.
CVE-2021-39163 2 Fedoraproject, Matrix 2 Fedora, Synapse 2021-09-24 3.5 LOW 3.1 LOW
Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`.