CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-28951 – Ubuntu Security Notice USN-4948-1
https://notcve.org/view.php?id=CVE-2021-28951
20 Mar 2021 — An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. Se detectó un problema en el archivo fs/io_uring.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (deadlock) porque la salida puede estar esperando para estacionar un hilo ... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49 • CWE-667: Improper Locking •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-28660 – Ubuntu Security Notice USN-4945-2
https://notcve.org/view.php?id=CVE-2021-28660
17 Mar 2021 — rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. La función rtw_wx_set_scan en el archivo drivers/staging/rtl8188eu/os_dep/ioctl_linux.c en el kernel de Linux versi... • http://www.openwall.com/lists/oss-security/2022/11/18/1 • CWE-787: Out-of-bounds Write •
CVSS: 3.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20239 – kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure
https://notcve.org/view.php?id=CVE-2021-20239
16 Mar 2021 — A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.4.92 en el protocolo BPF. Este fallo permite a un atacante con una cuenta local filtrar información sobre las direcciones internas del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1923636 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28375 – Ubuntu Security Notice USN-4949-1
https://notcve.org/view.php?id=CVE-2021-28375
15 Mar 2021 — An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Se detectó un problema en el kernel de Linux versiones hasta 5.11.6. La función fastrpc_internal_invoke en el archivo drivers/misc/fastrpc.c no evita a unas aplicaciones de usuario enviar mensajes RPC del kernel, también se conoce como CID-20c40794eb85. Este ... • https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2020-36281 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36281
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función pixFewColorsOctcubeQuantMixed en el archivo colorquant1.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 1CVE-2020-36279 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36279
12 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. Leptonica versiones anteriores a 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función rasteropGeneralLow, relacionada con los archivos adaptmap_reg.c y adaptmap.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2020-36278 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36278
11 Mar 2021 — Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. Leptonica versiones anteriores a la 1.80.0, permite una lectura excesiva del búfer en la región heap de la memoria en la función findNextBorderPixel en el archivo ccbord.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 1CVE-2020-36277 – Gentoo Linux Security Advisory 202107-53
https://notcve.org/view.php?id=CVE-2020-36277
11 Mar 2021 — Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. Leptonica versiones anteriores a 1.80.0, permite una denegación de servicio (bloqueo de la aplicación) por medio de un desplazamiento incorrecto a la izquierda en la función pixConvert2To8 en el archivo pixconv.c Multiple vulnerabilities have been found in Leptonica, the worst of which could result in a Denial of Service condition. Versions less than 1.80.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2021-21178 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21178
08 Mar 2021 — Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una implementación inapropiada en Compositing en Google Chrome en Linux y Windows versiones anteriores a 89.0.4389.72, permitió a un atacante remoto falsificar el contenido del Omnibox (barra de URL) por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, ... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 1CVE-2021-21179 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21179
08 Mar 2021 — Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Network Internals en Google Chrome en Linux versiones anteriores a 89.0.4389.72, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which cou... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html • CWE-416: Use After Free •