Vulnerabilities > Fedoraproject > Fedora > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2021-39272 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | 5.9 |
| 2021-08-27 | CVE-2021-28694 | IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. | 6.8 |
| 2021-08-27 | CVE-2021-28695 | IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. | 6.8 |
| 2021-08-27 | CVE-2021-28696 | Incorrect Authorization vulnerability in multiple products IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. | 6.8 |
| 2021-08-27 | CVE-2021-28698 | Infinite Loop vulnerability in multiple products long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. | 5.5 |
| 2021-08-27 | CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. | 5.5 |
| 2021-08-27 | CVE-2021-28700 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. | 4.9 |
| 2021-08-26 | CVE-2021-30594 | Use After Free vulnerability in multiple products Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 6.8 |
| 2021-08-26 | CVE-2021-30596 | Origin Validation Error vulnerability in multiple products Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2021-08-26 | CVE-2021-30597 | Use After Free vulnerability in multiple products Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 6.8 |