Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42377 Release of Invalid Pointer or Reference vulnerability in multiple products
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string.
network
low complexity
busybox fedoraproject netapp CWE-763
critical
 9.8
9.8
2021-11-13 CVE-2021-43616 Insufficient Verification of Data Authenticity vulnerability in multiple products
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json.
network
low complexity
npmjs netapp fedoraproject CWE-345
critical
 9.8
9.8
2021-11-05 CVE-2021-35368 OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
network
low complexity
owasp fedoraproject debian
critical
 9.8
9.8
2021-11-02 CVE-2021-43267 Improper Validation of Specified Quantity in Input vulnerability in multiple products
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16.
network
low complexity
linux fedoraproject netapp CWE-1284
critical
 9.8
9.8
2021-10-29 CVE-2021-3756 Out-of-bounds Write vulnerability in multiple products
libmysofa is vulnerable to Heap-based Buffer Overflow
network
low complexity
symonics fedoraproject CWE-787
critical
 9.8
9.8
2021-10-18 CVE-2021-38297 Classic Buffer Overflow vulnerability in multiple products
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
network
low complexity
golang fedoraproject CWE-120
critical
 9.8
9.8
2021-10-08 CVE-2021-37973 Use After Free vulnerability in multiple products
Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
critical
 9.6
9.6
2021-10-08 CVE-2021-30633 Use After Free vulnerability in multiple products
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
critical
 9.6
9.6
2021-10-07 CVE-2021-42013 It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.
network
low complexity
apache fedoraproject oracle netapp
critical
 9.8
9.8
2021-09-23 CVE-2021-22945 Double Free vulnerability in multiple products
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
network
low complexity
haxx fedoraproject netapp oracle apple siemens debian splunk CWE-415
critical
 9.1
9.1