Vulnerabilities > Fedoraproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-27 | CVE-2021-28700 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. | 4.9 |
| 2021-08-27 | CVE-2021-40153 | Path Traversal vulnerability in multiple products squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. | 8.1 |
| 2021-08-26 | CVE-2021-30590 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-08-26 | CVE-2021-30591 | Use After Free vulnerability in multiple products Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2021-08-26 | CVE-2021-30592 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2021-08-26 | CVE-2021-30593 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. | 8.1 |
| 2021-08-26 | CVE-2021-30594 | Use After Free vulnerability in multiple products Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 6.8 |
| 2021-08-26 | CVE-2021-30596 | Origin Validation Error vulnerability in multiple products Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
| 2021-08-26 | CVE-2021-30597 | Use After Free vulnerability in multiple products Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 6.8 |
| 2021-08-26 | CVE-2021-30598 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |