Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 4367 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30511 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 5.8 MEDIUM 8.1 HIGH
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
CVE-2021-30512 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30513 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30515 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30514 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30516 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-26690 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2021-12-01 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2020-35452 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2021-12-01 6.8 MEDIUM 7.3 HIGH
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
CVE-2020-13950 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2021-12-01 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
CVE-2021-30525 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30538 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2021-30536 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 5.8 MEDIUM 8.1 HIGH
Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
CVE-2021-30530 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30521 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2021-30528 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30529 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30518 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30520 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30519 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30539 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 5.8 MEDIUM 5.4 MEDIUM
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.