CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31272
https://notcve.org/view.php?id=CVE-2021-31272
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. SerenityOS anterior al commit 3844e8569689dd476064a0759d704bc64fb3ca2c, contiene una vulnerabilidad de salto de directorio en tar/unzip que puede conllevar a una ejecución de comandos o a una escalada de privilegios • https://github.com/SerenityOS/serenity/issues/3991 https://github.com/SerenityOS/serenity/issues/3992 https://github.com/SerenityOS/serenity/pull/5713 https://github.com/SerenityOS/serenity/pull/5713/commits/3844e8569689dd476064a0759d704bc64fb3ca2c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30045
https://notcve.org/view.php?id=CVE-2021-30045
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. SerenityOS hasta el 27-03-2021, contiene una vulnerabilidad de desbordamiento del búfer en la función EndOfCentralDirectory::read() • https://github.com/SerenityOS/serenity/commit/4317db7498eaa5a37068052bb0310fbc6a5f78e4 https://github.com/SerenityOS/serenity/issues/5975 https://github.com/SerenityOS/serenity/pull/5977 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •