CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21261 – Flatpak sandbox escape via spawn portal
https://notcve.org/view.php?id=CVE-2021-21261
14 Jan 2021 — A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. • https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.6EPSS: 1%CPEs: 4EXPL: 0CVE-2021-21115 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21115
08 Jan 2021 — User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21107 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21107
08 Jan 2021 — Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 1%CPEs: 4EXPL: 0CVE-2021-21108 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21108
08 Jan 2021 — Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 1%CPEs: 4EXPL: 0CVE-2021-21109 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21109
08 Jan 2021 — Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 23%CPEs: 4EXPL: 1CVE-2021-21110 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21110
08 Jan 2021 — Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://github.com/Gh0st0ne/CVE-2021-21110 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21111 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21111
08 Jan 2021 — Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 9.6EPSS: 4%CPEs: 4EXPL: 0CVE-2021-21106 – Gentoo Linux Security Advisory 202101-05
https://notcve.org/view.php?id=CVE-2021-21106
08 Jan 2021 — Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16014 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16014
07 Dec 2020 — Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16018 – Gentoo Linux Security Advisory 202012-05
https://notcve.org/view.php?id=CVE-2020-16018
07 Dec 2020 — Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html • CWE-416: Use After Free •