Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-11 CVE-2021-28878 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together.
network
low complexity
rust-lang fedoraproject CWE-119
7.5
2021-04-09 CVE-2021-21199 Use After Free vulnerability in multiple products
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2021-04-09 CVE-2021-21198 Out-of-bounds Read vulnerability in multiple products
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
network
low complexity
google fedoraproject CWE-125
7.4
2021-04-09 CVE-2021-21197 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
2021-04-09 CVE-2021-21196 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-787
8.8
2021-04-09 CVE-2021-21195 Use After Free vulnerability in multiple products
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2021-04-09 CVE-2021-21194 Use After Free vulnerability in multiple products
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject CWE-416
8.8
2021-04-08 CVE-2021-29154 Command Injection vulnerability in multiple products
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context.
local
low complexity
linux fedoraproject debian netapp CWE-77
7.8
2021-04-07 CVE-2021-30184 Classic Buffer Overflow vulnerability in multiple products
GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data.
local
low complexity
gnu fedoraproject CWE-120
7.8
2021-04-06 CVE-2021-29424 Incorrect Type Conversion or Cast vulnerability in multiple products
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
network
low complexity
net fedoraproject CWE-704
7.5