
CVE-2020-29623 – webkitgtk: User may be unable to fully delete browsing history
https://notcve.org/view.php?id=CVE-2020-29623
28 Mar 2021 — Issues addressed include buffer overflow, code execution, cross site scripting, information leakage, integer overflow, traversal, and use-after-free vulnerabilities. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-459: Incomplete Cleanup •

CVE-2020-7463 – Apple Security Advisory 2021-04-26-2
https://notcve.org/view.php?id=CVE-2020-7463
26 Mar 2021 — The use-after-free situation may result in unintended kernel behavior, including a kernel panic. macOS Big Sur 11.3 addresses buffer overflow, bypass, code execution, cross site scripting, denial of service, double free, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2021/Apr/49 • CWE-416: Use After Free •

CVE-2021-20271 – rpm: Signature checks bypass via corrupted rpm package
https://notcve.org/view.php?id=CVE-2021-20271
26 Mar 2021 — Issues addressed include code execution, cross site scripting, denial of service, integer overflow, and null pointer vulnerabilities. • https://bugzilla.redhat.com/show_bug.cgi?id=1934125 • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2021-21783
https://notcve.org/view.php?id=CVE-2021-21783
25 Mar 2021 — A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245 • CWE-190: Integer Overflow or Wraparound • CWE-680: Integer Overflow to Buffer Overflow •

CVE-2021-28362
https://notcve.org/view.php?id=CVE-2021-28362
24 Mar 2021 — Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. • https://github.com/contiki-os/contiki/releases • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2021-23362 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2021-23362
23 Mar 2021 — Issues addressed include code execution, cross site scripting, denial of service, integer overflow, and null pointer vulnerabilities. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-400: Uncontrolled Resource Consumption • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2021-28957 – python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
https://notcve.org/view.php?id=CVE-2021-28957
21 Mar 2021 — Issues addressed include buffer overflow, code execution, cross site scripting, denial of service, information leakage, integer overflow, and traversal vulnerabilities. • https://bugs.launchpad.net/lxml/+bug/1888153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-27171 – Kernel Live Patch Security Notice LSN-0075-1
https://notcve.org/view.php?id=CVE-2020-27171
20 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-193: Off-by-one Error •

CVE-2020-27170 – kernel: Speculation on pointer arithmetic against bpf_context pointer
https://notcve.org/view.php?id=CVE-2020-27170
20 Mar 2021 — Issues addressed include denial of service and integer overflow vulnerabilities. • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-203: Observable Discrepancy •

CVE-2021-27358 – grafana: snapshot feature allows an unauthenticated remote attacker to trigger a DoS via a remote API call
https://notcve.org/view.php?id=CVE-2021-27358
18 Mar 2021 — Issues addressed include code execution, cross site scripting, denial of service, integer overflow, and null pointer vulnerabilities. • https://github.com/grafana/grafana/blob/master/CHANGELOG.md • CWE-400: Uncontrolled Resource Consumption •