Total
171162 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30623 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30623 Use after free in Bookmarks | |||||
| CVE-2021-30622 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30622 Use after free in WebApp Installs | |||||
| CVE-2021-30621 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Chromium: CVE-2021-30621 UI Spoofing in Autofill | |||||
| CVE-2021-30620 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink | |||||
| CVE-2021-30619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Chromium: CVE-2021-30619 UI Spoofing in Autofill | |||||
| CVE-2021-30618 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30618 Inappropriate implementation in DevTools | |||||
| CVE-2021-30617 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Chromium: CVE-2021-30617 Policy bypass in Blink | |||||
| CVE-2021-30616 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30616 Use after free in Media | |||||
| CVE-2021-30615 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Chromium: CVE-2021-30615 Cross-origin data leak in Navigation | |||||
| CVE-2021-30614 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip | |||||
| CVE-2021-30613 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30613 Use after free in Base internals | |||||
| CVE-2021-30612 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30612 Use after free in WebRTC | |||||
| CVE-2021-30611 | 3 Fedoraproject, Google, Linux | 4 Fedora, Chrome, Chrome Os and 1 more | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30611 Use after free in WebRTC | |||||
| CVE-2021-30610 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30610 Use after free in Extensions API | |||||
| CVE-2021-30609 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30609 Use after free in Sign-In | |||||
| CVE-2021-30608 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30608 Use after free in Web Share | |||||
| CVE-2021-30607 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30607 Use after free in Permissions | |||||
| CVE-2021-30606 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| Chromium: CVE-2021-30606 Use after free in Blink | |||||
| CVE-2021-39164 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-09-24 | 3.5 LOW | 3.1 LOW |
| Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter. | |||||
| CVE-2021-39163 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-09-24 | 3.5 LOW | 3.1 LOW |
| Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups (communities). By default, only homeserver administrators can create groups. However, homeserver administrators can already access this information in the database or using the admin API. As a result, only homeservers where the configuration setting `enable_group_creation` has been set to `true` are impacted. Server administrators should upgrade to 1.41.1 or higher to patch the vulnerability. There are two potential workarounds. Server administrators can set `enable_group_creation` to `false` in their homeserver configuration (this is the default value) to prevent creation of groups by non-administrators. Administrators that are using a reverse proxy could, with partial loss of group functionality, block the endpoints `/_matrix/client/r0/groups/{group_id}/rooms` and `/_matrix/client/unstable/groups/{group_id}/rooms`. | |||||