Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 120 of 264
CVE-2021-30527 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30527 [HIGH] CWE-416: Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30530 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30530 [HIGH] CWE-119: Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
nvd
CVE-2021-30536 | HIGH | CVSS 8.1 | v33 v34 | 2021-06-07
CVE-2021-30536 [HIGH] CWE-125: Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
nvd
CVE-2021-30526 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30526 [HIGH] CWE-787: Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
nvd
CVE-2021-30528 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30528 [HIGH] CWE-416: Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30535 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30535 [HIGH] CWE-415: Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30543 | HIGH | CVSS 8.8 | v33 v34 +1 more | 2021-06-07
CVE-2021-30543 [HIGH] CWE-416: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30524 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30524 [HIGH] CWE-416: Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30542 | HIGH | CVSS 8.8 | v33 v34 +1 more | 2021-06-07
CVE-2021-30542 [HIGH] CWE-416: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30522 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30522 [HIGH] CWE-416: Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30529 | HIGH | CVSS 8.8 | v33 v34 | 2021-06-07
CVE-2021-30529 [HIGH] CWE-416: Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30539 | MEDIUM | CVSS 5.4 | v33 v34 | 2021-06-07
CVE-2021-30539 [MEDIUM] CWE-863: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2021-30532 | MEDIUM | CVSS 4.3 | v33 v34 | 2021-06-07
CVE-2021-30532 [MEDIUM]: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2021-30540 | MEDIUM | CVSS 6.5 | v33 v34 | 2021-06-07
CVE-2021-30540 [MEDIUM] CWE-74: Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2021-30533 | MEDIUM | CVSS 6.5 | KEV | v33 v34 | 2021-06-07
CVE-2021-30533 [MEDIUM] CWE-863: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.
nvd
CVE-2021-33896 | MEDIUM | CVSS 5.3 | v33 v34 | 2021-06-07
CVE-2021-33896 [MEDIUM] CWE-22: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
nvd
CVE-2021-30537 | MEDIUM | CVSS 4.3 | v33 v34 | 2021-06-07
CVE-2021-30537 [MEDIUM] CWE-863: Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.
nvd
CVE-2021-30534 | MEDIUM | CVSS 6.5 | v33 v34 | 2021-06-07
CVE-2021-30534 [MEDIUM] CWE-863: Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-30538 | MEDIUM | CVSS 4.3 | v33 v34 | 2021-06-07
CVE-2021-30538 [MEDIUM] CWE-863: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd
CVE-2021-30531 | MEDIUM | CVSS 6.5 | v33 v34 | 2021-06-07
CVE-2021-30531 [MEDIUM]: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
nvd