Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173

Vulnerabilities

Page 121 of 264
CVE-2021-30475 CRITICAL CVSS 9.8 v34 2021-06-04
CVE-2021-30475 [CRITICAL] CWE-120: aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
nvd
CVE-2021-30508 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30508 [HIGH] CWE-787: Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30517 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30517 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-28091 HIGH CVSS 7.5 v33v34 2021-06-04
CVE-2021-28091 [HIGH] CWE-347: Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
nvd
CVE-2021-30513 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30513 [HIGH] CWE-843: Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30506 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30506 [HIGH] CWE-74: Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
nvd
CVE-2021-30515 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30515 [HIGH] CWE-416: Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30511 HIGH CVSS 8.1 v33v34 2021-06-04
CVE-2021-30511 [HIGH] CWE-125: Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
nvd
CVE-2021-30520 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30520 [HIGH] CWE-416: Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30509 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30509 [HIGH] CWE-787: Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
nvd
CVE-2021-30518 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30518 [HIGH] CWE-787: Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30516 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30516 [HIGH] CWE-787: Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30510 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30510 [HIGH] CWE-416: Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30507 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30507 [HIGH] CWE-829: Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2021-30519 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30519 [HIGH] CWE-416: Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30512 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30512 [HIGH] CWE-416: Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-30514 HIGH CVSS 8.8 v33v34 2021-06-04
CVE-2021-30514 [HIGH] CWE-416: Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-3565 MEDIUM CVSS 5.9 v33v34 2021-06-04
CVE-2021-3565 [MEDIUM] CWE-665: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
nvd
CVE-2021-25288 CRITICAL CVSS 9.1 v33 2021-06-02
CVE-2021-25288 [CRITICAL] CWE-125: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
nvd
CVE-2021-25287 CRITICAL CVSS 9.1 v33 2021-06-02
CVE-2021-25287 [CRITICAL] CWE-125: An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
nvd