Fedoraproject Fedora vulnerabilities

5,277 known vulnerabilities affecting fedoraproject/fedora.

Total CVEs

5,277

CISA KEV

actively exploited

Public exploits

147

Exploited in wild

101

Severity breakdown

CRITICAL514HIGH2325MEDIUM2265LOW173

Vulnerabilities

Page 86 of 264

CVE-2022-0571MEDIUMCVSS 6.1v34v35+1 more2022-02-14

CVE-2022-0571 [MEDIUM] CWE-79 CVE-2022-0571: Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.

nvd

CVE-2022-0097CRITICALCVSS 9.6v34v35+1 more2022-02-12

CVE-2022-0097 [CRITICAL] CVE-2022-0097: Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.

nvd

CVE-2022-0103HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0103 [HIGH] CWE-416 CVE-2022-0103: Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to po Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0114HIGHCVSS 8.1v34v35+1 more2022-02-12

CVE-2022-0114 [HIGH] CWE-125 CVE-2022-0114: Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a rem Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.

nvd

CVE-2022-0107HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0107 [HIGH] CWE-416 CVE-2022-0107: Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an at Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0105HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0105 [HIGH] CWE-416 CVE-2022-0105: Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0106HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0106 [HIGH] CWE-416 CVE-2022-0106: Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who conv Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0102HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0102 [HIGH] CWE-843 CVE-2022-0102: Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0100HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0100 [HIGH] CWE-787 CVE-2022-0100: Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote at Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0101HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0101 [HIGH] CWE-787 CVE-2022-0101: Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker w Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.

nvd

CVE-2022-0099HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0099 [HIGH] CWE-416 CVE-2022-0099: Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convi Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.

nvd

CVE-2022-0098HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0098 [HIGH] CWE-416 CVE-2022-0098: Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an atta Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.

nvd

CVE-2022-0096HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0096 [HIGH] CWE-416 CVE-2022-0096: Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potent Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0104HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0104 [HIGH] CWE-787 CVE-2022-0104: Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to po Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

nvd

CVE-2022-0115HIGHCVSS 8.8v34v35+1 more2022-02-12

CVE-2022-0115 [HIGH] CWE-908 CVE-2022-0115: Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to po Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

nvd

CVE-2022-0117MEDIUMCVSS 6.5v34v35+1 more2022-02-12

CVE-2022-0117 [MEDIUM] CWE-863 CVE-2022-0117: Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cros Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

nvd

CVE-2022-0118MEDIUMCVSS 4.3v34v35+1 more2022-02-12

CVE-2022-0118 [MEDIUM] CVE-2022-0118: Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote att Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.

nvd

CVE-2022-0109MEDIUMCVSS 6.5v34v35+1 more2022-02-12

CVE-2022-0109 [MEDIUM] CVE-2022-0109: Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote att Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

nvd

CVE-2022-0110MEDIUMCVSS 4.3v34v35+1 more2022-02-12

CVE-2022-0110 [MEDIUM] CWE-1021 CVE-2022-0110: Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker t Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

nvd

CVE-2022-0113MEDIUMCVSS 6.5v34v35+1 more2022-02-12

CVE-2022-0113 [MEDIUM] CWE-346 CVE-2022-0113: Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attack Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

nvd

← Previous86 / 264Next →