Filtered by vendor Fedoraproject
Subscribe
Total
4434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-30626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-30627 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-30628 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | |||||
CVE-2021-30633 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 9.6 CRITICAL |
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2021-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | |||||
CVE-2021-30543 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-30542 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-11-23 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-30846 | 3 Apple, Debian, Fedoraproject | 8 Ipados, Iphone Os, Macos and 5 more | 2021-11-23 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2020-15114 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2021-11-18 | 4.0 MEDIUM | 7.7 HIGH |
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. | |||||
CVE-2020-15136 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2021-11-18 | 5.8 MEDIUM | 6.5 MEDIUM |
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality. | |||||
CVE-2020-15106 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2021-11-18 | 4.0 MEDIUM | 6.5 MEDIUM |
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. | |||||
CVE-2020-15112 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2021-11-18 | 4.0 MEDIUM | 6.5 MEDIUM |
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. | |||||
CVE-2020-15103 | 4 Canonical, Fedoraproject, Freerdp and 1 more | 4 Ubuntu Linux, Fedora, Freerdp and 1 more | 2021-11-18 | 3.5 LOW | 3.5 LOW |
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto | |||||
CVE-2020-15238 | 3 Blueman Project, Debian, Fedoraproject | 3 Blueman, Debian Linux, Fedora | 2021-11-18 | 6.9 MEDIUM | 7.0 HIGH |
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules. | |||||
CVE-2021-30622 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
Chromium: CVE-2021-30622 Use after free in WebApp Installs | |||||
CVE-2021-30624 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
Chromium: CVE-2021-30624 Use after free in Autofill | |||||
CVE-2021-30623 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
Chromium: CVE-2021-30623 Use after free in Bookmarks | |||||
CVE-2021-30621 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 4.3 MEDIUM | 6.5 MEDIUM |
Chromium: CVE-2021-30621 UI Spoofing in Autofill | |||||
CVE-2021-30620 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2021-11-18 | 6.8 MEDIUM | 8.8 HIGH |
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink |