CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3875 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3875
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un desbordamiento del búfer en la región heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4 https://security.gentoo.org/glsa/202208-32 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41800
https://notcve.org/view.php?id=CVE-2021-41800
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de consultas). Visitando Special:Contributions puede resultar a veces en una consulta SQL de larga duración porque la protección de PoolCounter está manejada inapropiadamente • https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5& • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41799
https://notcve.org/view.php?id=CVE-2021-41799
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de la consulta). ApiQueryBacklinks (action=query&list=backlinks) puede causar un escaneo completo de la tabla • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://lists.wikimedia.org/hyperkitty/list/wikitech-l%40lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5 https://phabricator.wikimedia.org/T290394 https://security.gentoo.org&#x • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41798
https://notcve.org/view.php?id=CVE-2021-41798
MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. MediaWiki versiones anteriores a 1.36.2, permite una vulnerabilidad de tipo XSS. Los mensajes de MediaWiki relacionados con el mes no se escapan antes de ser usados en la página de resultados Special:Search • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDBPECBWN6LWNSWIQMVXK6PP4YFEUYHA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNEAI2T3Y65I55ZB6UE6RMC662RZTGRX https://phabricator.wikimedia.org/T285515 https://security.gentoo.org/glsa/202305-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 16%CPEs: 6EXPL: 0CVE-2021-37976 – Google Chromium Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-37976
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una implementación inapropiada en Memory en Google Chrome versiones anteriores a 94.0.4606.71, permitía a un atacante remoto conseguir información potencialmente confidencial de la memoria del proceso por medio de una página HTML diseñada Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html https://crbug.com/1251787 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D63JZ3ROXCUHP4CFWDHCPZNTGET7T34R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRFXUDH46PFVE75VQVWY6PYY5DK3S2XT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNARCF5HEZK7GJXZRN5TQ45AQDCRM2WO https://www.debian.org/security/2022/dsa-5046 • CWE-862: Missing Authorization •