Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.
network
low complexity
bundler fedoraproject microsoft
8.8
8.8
2021-04-29 CVE-2021-25215 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. 		7.5
7.5
2021-04-29 CVE-2021-25214 Reachable Assertion vulnerability in multiple products
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
network
low complexity
isc debian fedoraproject siemens netapp CWE-617
6.5
6.5
2021-04-27 CVE-2021-29472 Argument Injection or Modification vulnerability in multiple products
Composer is a dependency manager for PHP.
network
low complexity
getcomposer debian fedoraproject CWE-88
8.8
8.8
2021-04-26 CVE-2021-29473 Out-of-bounds Read vulnerability in multiple products
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.
local
high complexity
exiv2 fedoraproject debian CWE-125
2.5
2.5
2021-04-26 CVE-2021-21220 Out-of-bounds Write vulnerability in multiple products
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2021-04-26 CVE-2021-21218 Use of Uninitialized Resource vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
local
low complexity
google debian fedoraproject CWE-908
5.5
5.5
2021-04-26 CVE-2021-21211 Origin Validation Error vulnerability in multiple products
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
6.5
6.5
2021-04-26 CVE-2021-21209 Origin Validation Error vulnerability in multiple products
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-346
6.5
6.5
2021-04-26 CVE-2021-21204 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
8.8