Fedoraproject Fedora vulnerabilities
5,277 known vulnerabilities affecting fedoraproject/fedora.
Total CVEs: 5,277
CISA KEV: 84 (actively exploited)
Public exploits: 147
Exploited in wild: 101
Severity breakdown: CRITICAL 514, HIGH 2325, MEDIUM 2265, LOW 173
Vulnerabilities
CVE-2021-4062 [HIGH] CVSS 8.8 | CWE-787 | v34 | 2021-12-23
Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-3621 [HIGH] CVSS 8.8 | CWE-77 | v34 | 2021-12-23
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrit
nvd
CVE-2021-38017 [HIGH] CVSS 8.8 | CWE-863 | v34 | 2021-12-23
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
nvd
CVE-2021-38014 [HIGH] CVSS 8.8 | CWE-787 | v34 | 2021-12-23
Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38011 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38007 [HIGH] CVSS 8.8 | CWE-843 | v34 | 2021-12-23
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4056 [HIGH] CVSS 8.8 | CWE-843 | v34 | 2021-12-23
Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38005 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-45463 [HIGH] CVSS 7.8 | v34 v35 | 2021-12-23
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GI
nvd
CVE-2021-38008 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4063 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-45469 [HIGH] CVSS 7.8 | CWE-125 | v34 v35 | 2021-12-23
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
nvd
CVE-2021-4053 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4067 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4058 [HIGH] CVSS 8.8 | CWE-787 | v34 | 2021-12-23
Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38006 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4066 [HIGH] CVSS 8.8 | CWE-191 | v34 | 2021-12-23
Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4057 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38012 [HIGH] CVSS 8.8 | CWE-843 | v34 | 2021-12-23
Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-4065 [HIGH] CVSS 8.8 | CWE-416 | v34 | 2021-12-23
Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd