Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2021-12-24 CVE-2021-45472 Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-12-24 CVE-2021-45473 Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-12-24 CVE-2021-45474 Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
network
low complexity
mediawiki fedoraproject CWE-79
6.1
6.1
2021-12-23 CVE-2021-3621 OS Command Injection vulnerability in multiple products
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands.
network
low complexity
fedoraproject redhat CWE-78
8.8
8.8
2021-12-23 CVE-2021-3622 A flaw was found in the hivex library.
network
low complexity
redhat fedoraproject
4.3
4.3
2021-12-23 CVE-2021-4024 Origin Validation Error vulnerability in multiple products
A flaw was found in podman.
network
low complexity
podman-project fedoraproject redhat CWE-346
6.5
6.5
2021-12-23 CVE-2021-45469 Out-of-bounds Read vulnerability in multiple products
In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.
local
low complexity
linux fedoraproject debian netapp CWE-125
7.8
7.8
2021-12-23 CVE-2021-45463 load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered.
local
low complexity
gegl gimp redhat fedoraproject
7.8
7.8
2021-12-23 CVE-2021-38005 Use After Free vulnerability in multiple products
Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-12-23 CVE-2021-38006 Use After Free vulnerability in multiple products
Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8