Total
5316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21154 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21113 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-20225 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-21169 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-21149 | 3 Fedoraproject, Google, Linux | 3 Fedora, Chrome, Linux Kernel | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2021-21222 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2021-21227 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21215 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2021-21161 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21180 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21142 | 3 Apple, Fedoraproject, Google | 3 Macos, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21198 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 7.4 HIGH |
| Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-20281 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | |||||
| CVE-2021-20266 | 2 Fedoraproject, Rpm | 2 Fedora, Rpm | 2023-11-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-21213 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21218 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2021-21164 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2021-21274 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. | |||||
| CVE-2021-21226 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21167 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||