Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2021-21171 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2021-03-09 CVE-2021-21170 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2021-03-09 CVE-2021-21168 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2021-03-09 CVE-2021-21164 Origin Validation Error vulnerability in multiple products
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-346
6.5
6.5
2021-03-09 CVE-2021-21163 Origin Validation Error vulnerability in multiple products
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server.
network
low complexity
google fedoraproject debian CWE-346
6.5
6.5
2021-03-08 CVE-2021-23351 The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function.
network
low complexity
go-proxyproto-project fedoraproject
4.9
4.9
2021-03-04 CVE-2020-25639 A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC.
local
low complexity
linux fedoraproject redhat
4.4
4.4
2021-03-03 CVE-2021-22878 Cross-site Scripting vulnerability in multiple products
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
network
low complexity
nextcloud fedoraproject CWE-79
4.8
4.8
2021-03-03 CVE-2021-22877 Missing Authorization vulnerability in multiple products
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
network
low complexity
nextcloud fedoraproject CWE-862
6.5
6.5
2021-03-03 CVE-2020-8296 Weak Password Requirements vulnerability in multiple products
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
local
low complexity
nextcloud fedoraproject CWE-521
6.7
6.7