Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2021-4182 [HIGH] CVSS 7.5 | CWE-835 | v34, v35 | 2021-12-30
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-4186 [HIGH] CVSS 7.5 | CWE-476 | v34, v35 | 2021-12-30
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-4185 [HIGH] CVSS 7.5 | CWE-835 | v34, v35 | 2021-12-30
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-4184 [HIGH] CVSS 7.5 | CWE-835 | v34, v35 | 2021-12-30
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-4181 [HIGH] CVSS 7.5 | CWE-125 | v34, v35 | 2021-12-30
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-4190 [HIGH] CVSS 7.5 | CWE-834 | v34, v35 | 2021-12-30
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
nvd
CVE-2021-4183 [MEDIUM] CVSS 5.5 | CWE-125 | v34, v35 | 2021-12-30
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
nvd
CVE-2021-23727 [HIGH] CVSS 7.5 | CWE-77 | v35 | 2021-12-29
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulner
nvd
CVE-2021-44832 [MEDIUM] CVSS 6.6 | Exploited | CWE-20 | v34, v35 | 2021-12-28
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java
nvd
CVE-2021-45474 [MEDIUM] CVSS 6.1 | CWE-79 | v35 | 2021-12-24
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
nvd
CVE-2021-45471 [MEDIUM] CVSS 5.3 | v35 | 2021-12-24
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
nvd
CVE-2021-45472 [MEDIUM] CVSS 6.1 | CWE-79 | v35 | 2021-12-24
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
nvd
CVE-2021-45473 [MEDIUM] CVSS 6.1 | CWE-79 | v35 | 2021-12-24
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
nvd
CVE-2021-38013 [CRITICAL] CVSS 9.6 | CWE-787 | v34 | 2021-12-23
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-4052 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
nvd
CVE-2021-4064 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38015 [HIGH] CVSS 8.8 | CWE-20 | v34 | 2021-12-23
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
nvd
CVE-2021-4061 [HIGH] CVSS 8.8 | CWE-843 | v34 | 2021-12-23
Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38016 [HIGH] CVSS 8.8 | CWE-863 | v34 | 2021-12-23
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
nvd
CVE-2021-4055 [HIGH] CVSS 8.8 | CWE-787 | v34 | 2021-12-23
Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
nvd