Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-38002 Use After Free vulnerability in multiple products
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
 9.6
9.6
2021-11-22 CVE-2021-44143 Out-of-bounds Write vulnerability in multiple products
A flaw was found in mbsync in isync 1.4.0 through 1.4.3.
network
low complexity
isync-project debian fedoraproject CWE-787
critical
 9.8
9.8
2021-11-19 CVE-2021-40391 Improper Handling of Exceptional Conditions vulnerability in multiple products
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260).
network
low complexity
gerbv-project debian fedoraproject CWE-755
critical
 9.8
9.8
2021-11-19 CVE-2021-44026 SQL Injection vulnerability in multiple products
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
network
low complexity
roundcube fedoraproject debian CWE-89
critical
 9.8
9.8
2021-11-18 CVE-2021-27023 A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host.
network
low complexity
puppet fedoraproject
critical
 9.8
9.8
2021-11-15 CVE-2021-42377 Release of Invalid Pointer or Reference vulnerability in multiple products
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string.
network
low complexity
busybox fedoraproject netapp CWE-763
critical
 9.8
9.8
2021-11-13 CVE-2021-43616 Insufficient Verification of Data Authenticity vulnerability in multiple products
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json.
network
low complexity
npmjs netapp fedoraproject CWE-345
critical
 9.8
9.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2021-11-02 CVE-2021-43267 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16.
network
low complexity
linux fedoraproject netapp CWE-1284
critical
 9.8
9.8
2021-10-29 CVE-2021-3756 Out-of-bounds Write vulnerability in multiple products
libmysofa is vulnerable to Heap-based Buffer Overflow
network
low complexity
symonics fedoraproject CWE-787
critical
 9.8
9.8