Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 5046 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35042 2 Djangoproject, Fedoraproject 2 Django, Fedora 2023-12-10 7.5 HIGH 9.8 CRITICAL
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-30549 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-1801 3 Apple, Fedoraproject, Webkitgtk 7 Ipad Os, Iphone Os, Macos and 4 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
CVE-2021-30591 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-13950 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
CVE-2021-30607 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2023-12-10 6.8 MEDIUM 8.8 HIGH
Chromium: CVE-2021-30607 Use after free in Permissions
CVE-2021-21195 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-39145 5 Debian, Fedoraproject, Netapp and 2 more 15 Debian Linux, Fedora, Snapmanager and 12 more 2023-12-10 6.0 MEDIUM 8.5 HIGH
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
CVE-2021-30520 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30506 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2021-3673 2 Fedoraproject, Radare 2 Fedora, Radare2 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.
CVE-2021-30514 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-25672 4 Debian, Fedoraproject, Linux and 1 more 23 Debian Linux, Fedora, Linux Kernel and 20 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
A memory leak vulnerability was found in Linux kernel in llcp_sock_connect
CVE-2021-30617 2 Fedoraproject, Microsoft 3 Fedora, Edge, Edge Chromium 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Chromium: CVE-2021-30617 Policy bypass in Blink
CVE-2021-39272 2 Fedoraproject, Fetchmail 2 Fedora, Fetchmail 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVE-2020-27840 3 Debian, Fedoraproject, Samba 3 Debian Linux, Fedora, Samba 2023-12-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
CVE-2021-39144 5 Debian, Fedoraproject, Netapp and 2 more 15 Debian Linux, Fedora, Snapmanager and 12 more 2023-12-10 6.0 MEDIUM 8.5 HIGH
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
CVE-2021-21233 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30530 2 Fedoraproject, Google 2 Fedora, Chrome 2023-12-10 6.8 MEDIUM 8.8 HIGH
Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30184 2 Fedoraproject, Gnu 2 Fedora, Chess 2023-12-10 6.8 MEDIUM 7.8 HIGH
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.