CVE-2021-21157
https://notcve.org/view.php?id=CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Web Sockets en Google Chrome en Linux versiones anteriores a 88.0.4324.182, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html https://crbug.com/1170657 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI6ZIJQYP5DFMYVX4J5OGOU2NQLEZ3SB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FE5SIKEVYTMDCC5OSXGOM2KRPYLHYMQX https://security.gentoo.org/glsa/202104-08 • CWE-416: Use After Free •
CVE-2021-21141
https://notcve.org/view.php?id=CVE-2021-21141
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. Una aplicación insuficiente de la política en File System API en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante remoto omitir la política de extensión de archivos por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1140435 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21141 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-21140
https://notcve.org/view.php?id=CVE-2021-21140
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. Un uso no inicializado en USB en Google Chrome versiones anteriores a 88.0.4324.96, permitió a un atacante local llevar a cabo potencialmente un acceso a la memoria fuera de límites por medio de un dispositivo USB • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1136327 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21140 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2020-16009 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2020-16009
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una implementación inapropiada en V8 en Google Chrome anterior a versión 86.0.4240.183, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Turbofan fails to deoptimize code after map deprecation, leading to a type confusion vulnerability. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00017.html http://packetstormsecurity.com/files/159974/Chrome-V8-Turbofan-Type-Confusion.html https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html https://crbug.com/1143772 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://lists.fedoraproject.org/archives/list/package-annou • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2018-17916
https://notcve.org/view.php?id=CVE-2018-17916
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packet to invoke an arbitrary process, with potential for code to be executed. The code would be executed under the privileges of the InduSoft Web Studio or InTouch Edge HMI runtime and could lead to a compromise of the InduSoft Web Studio or InTouch Edge HMI server machine. InduSoft Web Studio en versiones anteriores a la 8.1 SP2 e InTouch Edge HMI (anteriormente llamado InTouch Machine Edition) en versiones anteriores a la 2017 SP2. • https://ics-cert.us-cert.gov/advisories/ICSA-18-305-01 https://www.tenable.com/security/research/tra-2018-34 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •