Vulnerabilities > Fedoraproject > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-23 CVE-2021-38021 Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2021-12-23 CVE-2021-38022 Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2021-12-23 CVE-2021-4054 Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google fedoraproject debian
6.5
6.5
2021-12-23 CVE-2021-4059 Improper Input Validation vulnerability in multiple products
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-20
6.5
6.5
2021-12-23 CVE-2021-4068 Improper Encoding or Escaping of Output vulnerability in multiple products
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-116
6.5
6.5
2021-12-21 CVE-2021-45293 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.
local
low complexity
webassembly fedoraproject CWE-119
5.5
5.5
2021-11-29 CVE-2021-3802 A vulnerability found in udisks2.
local
low complexity
udisks-project fedoraproject redhat
4.2
4.2
2021-11-26 CVE-2021-44225 In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property.
network
low complexity
keepalived fedoraproject
5.4
5.4
2021-11-23 CVE-2021-37999 Cross-site Scripting vulnerability in multiple products
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-79
6.1
6.1
2021-11-23 CVE-2021-38000 Open Redirect vulnerability in multiple products
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-601
6.1
6.1