Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
Page 128 of 264
CVE-2021-21201 | CRITICAL | CVSS 9.6 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-21214 | HIGH | CVSS 8.8 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2021-21202 | HIGH | CVSS 8.6 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21207 | HIGH | CVSS 8.6 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
nvd
CVE-2021-21220 | HIGH | CVSS 8.8 | KEV | PoC | CWE-787 | v32, v33, +1 more | 2021-04-26
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21205 | HIGH | CVSS 8.1 | v32, v33, +1 more | 2021-04-26
Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-21224 | HIGH | CVSS 8.8 | KEV | CWE-843 | v32, v33, +1 more | 2021-04-26
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
nvd
CVE-2021-3472 | HIGH | CVSS 7.8 | CWE-191 | v32, v33, +1 more | 2021-04-26
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
nvd
CVE-2020-15078 | HIGH | CVSS 7.5 | CWE-305 | v32, v33, +1 more | 2021-04-26
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
nvd
CVE-2021-21204 | HIGH | CVSS 8.8 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21213 | HIGH | CVSS 8.8 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21206 | HIGH | CVSS 8.8 | KEV | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21225 | HIGH | CVSS 8.8 | CWE-787 | v32, v33, +1 more | 2021-04-26
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21203 | HIGH | CVSS 8.8 | CWE-416 | v32, v33, +1 more | 2021-04-26
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-21210 | MEDIUM | CVSS 6.5 | v32, v33, +1 more | 2021-04-26
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
nvd
CVE-2021-21221 | MEDIUM | CVSS 6.5 | CWE-20 | v32, v33, +1 more | 2021-04-26
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-21208 | MEDIUM | CVSS 6.5 | CWE-20 | v32, v33, +1 more | 2021-04-26
Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code.
nvd
CVE-2021-21219 | MEDIUM | CVSS 5.5 | CWE-252 | v32, v33, +1 more | 2021-04-26
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2021-21218 | MEDIUM | CVSS 5.5 | CWE-908 | v32, v33, +1 more | 2021-04-26
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
nvd
CVE-2021-21215 | MEDIUM | CVSS 6.5 | CWE-290 | v32, v33, +1 more | 2021-04-26
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
nvd