Vulnerabilities > Fedoraproject > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-12 CVE-2020-36278 Out-of-bounds Read vulnerability in multiple products
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
network
low complexity
leptonica fedoraproject debian CWE-125
7.5
7.5
2021-03-11 CVE-2020-36277 Always-Incorrect Control Flow Implementation vulnerability in multiple products
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.
network
low complexity
leptonica fedoraproject debian CWE-670
7.5
7.5
2021-03-11 CVE-2021-21381 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject
8.2
8.2
2021-03-10 CVE-2021-21772 Use After Free vulnerability in multiple products
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0.
network
high complexity
3mf fedoraproject debian CWE-416
8.1
8.1
2021-03-09 CVE-2021-21300 Git is an open-source distributed revision control system.
network
high complexity
git-scm fedoraproject apple debian
7.5
7.5
2021-03-09 CVE-2020-35524 A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool.
local
low complexity
libtiff debian fedoraproject netapp redhat
7.8
7.8
2021-03-09 CVE-2021-21190 Use of Uninitialized Resource vulnerability in multiple products
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
network
low complexity
google fedoraproject debian CWE-908
8.8
8.8
2021-03-09 CVE-2021-21188 Use After Free vulnerability in multiple products
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-03-09 CVE-2021-21180 Use After Free vulnerability in multiple products
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8
2021-03-09 CVE-2021-21179 Use After Free vulnerability in multiple products
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-416
8.8
8.8