Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-33571 Server-Side Request Forgery (SSRF) vulnerability in multiple products
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals.
network
low complexity
djangoproject fedoraproject CWE-918
7.5
7.5
2021-06-08 CVE-2021-22212 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
ntpkeygen can generate keys that ntpd fails to parse.
network
high complexity
ntpsec fedoraproject CWE-327
7.4
7.4
2021-06-08 CVE-2021-23169 A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1.
network
low complexity
openexr fedoraproject
8.8
8.8
2021-06-08 CVE-2021-33560 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.
network
low complexity
gnupg debian fedoraproject oracle CWE-203
7.5
7.5
2021-06-07 CVE-2021-30521 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8
2021-06-07 CVE-2021-30522 Use After Free vulnerability in multiple products
Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-06-07 CVE-2021-30523 Use After Free vulnerability in multiple products
Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-06-07 CVE-2021-30524 Use After Free vulnerability in multiple products
Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-06-07 CVE-2021-30525 Use After Free vulnerability in multiple products
Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
8.8
2021-06-07 CVE-2021-30526 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
8.8