Vulnerabilities (CVE)

Filtered by vendor Fedoraproject Subscribe
Total 5177 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30551 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-29 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30554 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-29 6.8 MEDIUM 8.8 HIGH
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30858 3 Apple, Debian, Fedoraproject 5 Ipados, Iphone Os, Macos and 2 more 2024-07-29 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2024-5585 2 Fedoraproject, Php 2 Fedora, Php 2024-07-28 N/A 8.8 HIGH
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
CVE-2024-5458 2 Fedoraproject, Php 2 Fedora, Php 2024-07-28 N/A 5.3 MEDIUM
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
CVE-2021-21193 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-26 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-1870 3 Apple, Fedoraproject, Webkitgtk 6 Ipad Os, Iphone Os, Mac Os X and 3 more 2024-07-26 7.5 HIGH 9.8 CRITICAL
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2021-1871 3 Apple, Debian, Fedoraproject 6 Ipad Os, Iphone Os, Mac Os X and 3 more 2024-07-26 7.5 HIGH 9.8 CRITICAL
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVE-2020-16846 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-07-26 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVE-2021-41773 4 Apache, Fedoraproject, Netapp and 1 more 4 Http Server, Fedora, Cloud Backup and 1 more 2024-07-26 4.3 MEDIUM 7.5 HIGH
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
CVE-2021-42013 4 Apache, Fedoraproject, Netapp and 1 more 6 Http Server, Fedora, Cloud Backup and 3 more 2024-07-26 7.5 HIGH 9.8 CRITICAL
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
CVE-2021-30632 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-26 6.8 MEDIUM 8.8 HIGH
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30633 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-26 6.8 MEDIUM 9.6 CRITICAL
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-37973 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-26 6.8 MEDIUM 9.6 CRITICAL
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-37975 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-26 6.8 MEDIUM 8.8 HIGH
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37976 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-26 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2021-21148 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-25 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21166 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-25 6.8 MEDIUM 8.8 HIGH
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21224 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-07-25 6.8 MEDIUM 8.8 HIGH
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2021-21220 2 Fedoraproject, Google 2 Fedora, Chrome 2024-07-25 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.