Vulnerabilities > Fedoraproject > Fedora > 34
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-23 | CVE-2021-38002 | Use After Free vulnerability in multiple products Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
2021-11-23 | CVE-2021-38003 | Improper Handling of Exceptional Conditions vulnerability in multiple products Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2021-11-23 | CVE-2021-41281 | Path Traversal vulnerability in multiple products Synapse is a package for Matrix homeservers written in Python 3/Twisted. | 7.5 |
2021-11-23 | CVE-2021-3672 | Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. | 5.6 |
2021-11-22 | CVE-2021-44143 | Out-of-bounds Write vulnerability in multiple products A flaw was found in mbsync in isync 1.4.0 through 1.4.3. | 9.8 |
2021-11-19 | CVE-2021-21898 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. | 8.8 |
2021-11-19 | CVE-2021-21899 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. | 8.8 |
2021-11-19 | CVE-2021-21900 | Use After Free vulnerability in multiple products A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. | 8.8 |
2021-11-19 | CVE-2021-39921 | NULL Pointer Dereference vulnerability in multiple products NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | 7.5 |
2021-11-19 | CVE-2021-39922 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file | 7.5 |