Vulnerabilities > Fedoraproject > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2021-32642 Injection vulnerability in multiple products
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports.
network
low complexity
uninett fedoraproject CWE-74
critical
 9.4
9.4
2021-05-28 CVE-2021-20236 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the ZeroMQ server in versions before 4.3.3.
network
low complexity
zeromq redhat fedoraproject CWE-787
critical
 9.8
9.8
2021-05-27 CVE-2021-31535 Classic Buffer Overflow vulnerability in multiple products
LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code.
network
low complexity
x-org fedoraproject CWE-120
critical
 9.8
9.8
2021-05-25 CVE-2021-33574 Use After Free vulnerability in multiple products
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.
network
low complexity
gnu fedoraproject netapp debian CWE-416
critical
 9.8
9.8
2021-05-14 CVE-2021-3402 An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.
network
low complexity
virustotal fedoraproject
critical
 9.1
9.1
2021-05-06 CVE-2021-20204 A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases.
network
low complexity
getdata-project debian fedoraproject
critical
 9.8
9.8
2021-05-06 CVE-2021-30473 Release of Invalid Pointer or Reference vulnerability in multiple products
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
network
low complexity
aomedia fedoraproject CWE-763
critical
 9.8
9.8
2021-05-05 CVE-2021-31800 Path Traversal vulnerability in multiple products
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22.
network
low complexity
secureauth fedoraproject CWE-22
critical
 9.8
9.8
2021-04-26 CVE-2021-21226 Use After Free vulnerability in multiple products
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
 9.6
9.6
2021-04-26 CVE-2021-21201 Use After Free vulnerability in multiple products
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
critical
 9.6
9.6