Vulnerabilities > Fedoraproject > Fedora

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-22212 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
ntpkeygen can generate keys that ntpd fails to parse.
network
high complexity
ntpsec fedoraproject CWE-327
7.4
7.4
2021-06-08 CVE-2021-23169 A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1.
network
low complexity
openexr fedoraproject
8.8
8.8
2021-06-08 CVE-2021-23215 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1.
local
low complexity
openexr fedoraproject debian
5.5
5.5
2021-06-08 CVE-2021-26260 An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1.
local
low complexity
openexr fedoraproject debian
5.5
5.5
2021-06-08 CVE-2021-3564 A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device.
local
low complexity
linux fedoraproject debian
5.5
5.5
2021-06-08 CVE-2021-33560 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.
network
low complexity
gnupg debian fedoraproject oracle CWE-203
7.5
7.5
2021-06-07 CVE-2021-30521 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2021-06-07 CVE-2021-30522 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-06-07 CVE-2021-30523 Use After Free vulnerability in multiple products
Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-06-07 CVE-2021-30524 Use After Free vulnerability in multiple products
Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8