Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fedoraproject Subscribe
Filtered by product Fedora
Total 2520 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3565 3 Fedoraproject, Redhat, Tpm2-tools Project 3 Fedora, Enterprise Linux, Tpm2-tools 2021-12-02 4.3 MEDIUM 5.9 MEDIUM
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-30506 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2021-30517 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30508 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30512 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30513 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30510 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30509 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension.
CVE-2021-30511 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 5.8 MEDIUM 8.1 HIGH
Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.
CVE-2021-30507 2 Fedoraproject, Google 3 Fedora, Android, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2021-30516 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30515 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30514 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-41190 2 Fedoraproject, Linuxfoundation 3 Fedora, Open Container Initiative Distribution Specification, Open Container Initiative Image Format Specification 2021-12-01 4.0 MEDIUM 5.0 MEDIUM
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields if they are unable to update to version 1.0.1 of the spec.
CVE-2021-31811 3 Apache, Fedoraproject, Oracle 8 Pdfbox, Fedora, Banking Corporate Lending Process Management and 5 more 2021-12-01 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812 3 Apache, Fedoraproject, Oracle 6 Pdfbox, Fedora, Banking Corporate Lending Process Management and 3 more 2021-12-01 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-26690 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2021-12-01 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2020-35452 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2021-12-01 6.8 MEDIUM 7.3 HIGH
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
CVE-2020-13950 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2021-12-01 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
CVE-2021-30525 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.