Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-08 CVE-2021-21779 Use After Free vulnerability in multiple products
A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4.
network
low complexity
webkitgtk fedoraproject debian CWE-416
8.8
8.8
2021-07-07 CVE-2021-21775 Use After Free vulnerability in multiple products
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4.
network
low complexity
webkitgtk fedoraproject debian CWE-416
8.0
8.0
2021-07-06 CVE-2021-32740 Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library.
network
low complexity
addressable-project fedoraproject
7.5
7.5
2021-07-02 CVE-2021-30554 Use After Free vulnerability in multiple products
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-07-02 CVE-2021-30556 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-07-02 CVE-2021-30557 Use After Free vulnerability in multiple products
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-07-02 CVE-2021-35197 Incorrect Authorization vulnerability in multiple products
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access.
network
low complexity
mediawiki debian fedoraproject CWE-863
7.5
7.5
2021-06-29 CVE-2021-33503 Resource Exhaustion vulnerability in multiple products
An issue was discovered in urllib3 before 1.26.5.
network
low complexity
python fedoraproject oracle CWE-400
7.5
7.5
2021-06-24 CVE-2021-32708 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Flysystem is an open source file storage library for PHP.
network
high complexity
thephpleague fedoraproject CWE-367
8.1
8.1
2021-06-21 CVE-2021-29063 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.
network
low complexity
mpmath fedoraproject CWE-770
7.5
7.5