Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-21113 |
Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: January 08, 2021; 2:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-21112 |
Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: January 08, 2021; 2:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-21111 |
Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Published: January 08, 2021; 2:15:15 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2021-21110 |
Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Published: January 08, 2021; 2:15:15 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2021-21109 |
Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: January 08, 2021; 2:15:15 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2021-21108 |
Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: January 08, 2021; 2:15:14 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2021-21107 |
Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: January 08, 2021; 2:15:14 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2021-21106 |
Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Published: January 08, 2021; 2:15:14 PM -0500 |
V3.1: 9.6 CRITICAL V2.0: 9.3 HIGH |
CVE-2020-16043 |
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic. Published: January 08, 2021; 2:15:14 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-25678 |
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. Published: January 08, 2021; 1:15:13 PM -0500 |
V3.1: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2020-8287 |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. Published: January 06, 2021; 4:15:14 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2020-8265 |
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. Published: January 06, 2021; 4:15:14 PM -0500 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-27843 |
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. Published: January 05, 2021; 1:15:14 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2020-27842 |
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Published: January 05, 2021; 1:15:14 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-36158 |
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. Published: January 05, 2021; 12:15:10 AM -0500 |
V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
CVE-2019-25013 |
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. Published: January 04, 2021; 1:15:13 PM -0500 |
V3.1: 5.9 MEDIUM V2.0: 7.1 HIGH |
CVE-2020-35730 |
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. Published: December 28, 2020; 3:15:13 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-35738 |
WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. Published: December 27, 2020; 11:15:12 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2020-35376 |
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. Published: December 25, 2020; 11:15:12 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-29385 |
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. Published: December 25, 2020; 9:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |