Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-30556 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-07-02 CVE-2021-30557 Use After Free vulnerability in multiple products
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-07-02 CVE-2021-35197 Incorrect Authorization vulnerability in multiple products
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access.
network
low complexity
mediawiki debian fedoraproject CWE-863
7.5
7.5
2021-07-02 CVE-2021-35042 SQL Injection vulnerability in multiple products
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
network
low complexity
djangoproject fedoraproject CWE-89
critical
 9.8
9.8
2021-07-01 CVE-2021-36084 Use After Free vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
local
low complexity
selinux-project fedoraproject CWE-416
3.3
3.3
2021-07-01 CVE-2021-36085 Use After Free vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
local
low complexity
selinux-project fedoraproject CWE-416
3.3
3.3
2021-07-01 CVE-2021-36086 Use After Free vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
local
low complexity
selinux-project fedoraproject CWE-416
3.3
3.3
2021-07-01 CVE-2021-36087 Out-of-bounds Read vulnerability in multiple products
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow).
local
low complexity
selinux-project fedoraproject CWE-125
3.3
3.3
2021-06-30 CVE-2021-3630 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. 		5.5
5.5
2021-06-29 CVE-2021-33503 Resource Exhaustion vulnerability in multiple products
An issue was discovered in urllib3 before 1.26.5.
network
low complexity
python fedoraproject oracle CWE-400
7.5
7.5