fedoraproject

5,420 tracked vulnerabilities.

CVE-2021-41772 HIGH
GO < 1.16.10 - Improper Input Validation
Nov 08, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-41771 HIGH
GO < 1.16.10 - Memory Corruption
Nov 08, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-42072 HIGH
Barrier < 2.4.0 - Improper Authentication
Nov 08, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-35368 CRITICAL
OWASP ModSecurity Core Rule Set <3.1.2-3.3.2 - CSRF
Nov 05, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-3928 HIGH
vim < 8.2.3582 - Use of Uninitialized Variable
Nov 05, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-3927 HIGH
vim < 8.2.3581 - Heap-based Buffer Overflow
Nov 05, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-27836 MEDIUM
libxls 1.6.2 - Denial of Service via Crafted XLS File
Nov 03, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-43267 CRITICAL
Linux Kernel < 5.14.16 - Remote Denial of Service via TIPC MSG_CRYPTO Size Validation
Nov 02, 2021
CVSS 9.8
EPSS 0.73
CVE-2021-37980 HIGH
Google Chrome <94.0.4606.81 - Info Disclosure
Nov 02, 2021
CVSS 7.4
EPSS 0.00
CVE-2021-37979 HIGH
Google Chrome < 94.0.4606.81 - Heap Buffer Overflow in WebRTC
Nov 02, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-37978 HIGH
Google Chrome < 94.0.4606.81 - Heap Buffer Overflow in Blink via Crafted HTML Page
Nov 02, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-37977 HIGH
Google Chrome < 94.0.4606.81 - Use-After-Free in Garbage Collection
Nov 02, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-42574 HIGH
Unicode < 14.0.0 - Code Injection via Bidirectional Algorithm Control Sequences
Nov 01, 2021
CVSS 8.3
EPSS 0.25
CVE-2021-3756 CRITICAL
libmysofa < 1.2.1 - Heap-based Buffer Overflow
Oct 29, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-43056 MEDIUM
Linux kernel <5.14.15 - Use After Free
Oct 28, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-3903 HIGH
vim < 8.2.3564 - Heap-based Buffer Overflow
Oct 27, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-25219 MEDIUM
BIND 9.3.0-9.17.18 - Denial of Service via Lame Cache Exploitation
Oct 27, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-41184 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.31
CVE-2021-41183 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-41182 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.28
CVE-2021-21703 HIGH
PHP 7.3.x<=7.3.31 7.4.x<7.4.25 8.0.x<8.0.12 - Privilege Escalation via FPM Shared Memory
Oct 25, 2021
CVSS 7.8
EPSS 0.00
CVE-2021-42716 HIGH
stb_image.h 2.27 - Buffer Overflow in PNM Loader via 16-bit PGM File Handling
Oct 21, 2021
CVSS 7.1
EPSS 0.00
CVE-2021-42715 MEDIUM
stb_image.h 1.33-2.27 - Denial of Service via Truncated HDR RLE Scanlines
Oct 21, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-41160 MEDIUM
FreeRDP < 2.4.1 - Out-of-bounds Write via GDI or SurfaceCommands Graphics Updates
Oct 21, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-41159 MEDIUM
FreeRDP < 2.4.1 - Out-of-bounds Write via Gateway RPC Connection
Oct 21, 2021
CVSS 5.8
EPSS 0.00
Products
fedora 5,351 extra_packages_for_enterprise_linux 76 389_directory_server 39 sssd 18 fedora_core 8 389_administration_server 1 anaconda 1 arm_installer 1 commons 1 coolkey 1 crypto-utils 1 fedmsg 1 fedora_linux_kernel 1 python-fedora 1 sectool 1 selinux-policy 1 spin-kickstarts 1 supybot-fedora 1 unbound 1
Quick Filters
Critical CVEs With Exploits In CISA KEV