VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Fedoraproject
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-12-24
CVE-2021-45473
Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).
network
low complexity
mediawiki
fedoraproject
CWE-79
6.1
6.1
2021-12-24
CVE-2021-45474
Cross-site Scripting vulnerability in multiple products
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.
network
low complexity
mediawiki
fedoraproject
CWE-79
6.1
6.1
2021-12-23
CVE-2021-3622
A flaw was found in the hivex library.
network
low complexity
redhat
fedoraproject
4.3
4.3
2021-12-23
CVE-2021-4024
Origin Validation Error vulnerability in multiple products
A flaw was found in podman.
network
low complexity
podman-project
fedoraproject
redhat
CWE-346
6.5
6.5
2021-12-23
CVE-2021-38009
Information Exposure Through Discrepancy vulnerability in multiple products
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google
fedoraproject
debian
CWE-203
6.5
6.5
2021-12-23
CVE-2021-38010
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
network
low complexity
google
fedoraproject
debian
6.5
6.5
2021-12-23
CVE-2021-38018
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
network
low complexity
google
fedoraproject
debian
6.5
6.5
2021-12-23
CVE-2021-38019
Always-Incorrect Control Flow Implementation vulnerability in multiple products
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google
fedoraproject
debian
CWE-670
6.5
6.5
2021-12-23
CVE-2021-38020
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
network
low complexity
google
fedoraproject
debian
4.3
4.3
2021-12-23
CVE-2021-38021
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
network
low complexity
google
fedoraproject
debian
6.5
6.5
«
Previous
1
2
...
68
69
70
(current)
71
72
...
188
189
»
Next