Filtered by vendor Fedoraproject
Subscriptions
Total
5402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30632 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30633 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 9.6 Critical |
| Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-37973 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 9.6 Critical |
| Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-21220 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21224 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||||
| CVE-2021-30533 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 6.5 Medium |
| Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe. | ||||
| CVE-2021-30551 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-30554 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-6418 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2025-10-24 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21148 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 8.8 High |
| Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21166 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 8.8 High |
| Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21193 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-10-24 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21206 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-15999 | 7 Debian, Fedoraproject, Freetype and 4 more | 10 Debian Linux, Fedora, Freetype and 7 more | 2025-10-24 | 9.6 Critical |
| Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-16009 | 7 Cefsharp, Debian, Fedoraproject and 4 more | 9 Cefsharp, Debian Linux, Fedora and 6 more | 2025-10-24 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2023-7101 | 3 Debian, Fedoraproject, Jmcnamara | 3 Debian Linux, Fedora, Spreadsheet\ | 2025-10-24 | 7.8 High |
| Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | ||||
| CVE-2021-39144 | 6 Debian, Fedoraproject, Netapp and 3 more | 22 Debian Linux, Fedora, Snapmanager and 19 more | 2025-10-24 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39226 | 3 Fedoraproject, Grafana, Redhat | 5 Fedora, Grafana, Enterprise Linux and 2 more | 2025-10-24 | 9.8 Critical |
| Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. | ||||
| CVE-2022-2856 | 5 Apple, Fedoraproject, Google and 2 more | 6 Macos, Fedora, Android and 3 more | 2025-10-24 | 6.5 Medium |
| Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | ||||
| CVE-2022-3038 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-10-24 | 8.8 High |
| Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||