
CVE-2021-21232 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21232
30 Apr 2021 — Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execut... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-416: Use After Free •

CVE-2021-21233 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21233
30 Apr 2021 — Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-787: Out-of-bounds Write •

CVE-2021-21231 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21231
30 Apr 2021 — Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-787: Out-of-bounds Write •

CVE-2021-21229 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21229
30 Apr 2021 — Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ar... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-346: Origin Validation Error •

CVE-2021-21230 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21230
30 Apr 2021 — Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 9... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2021-21228 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21228
30 Apr 2021 — Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Multiple ... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-863: Incorrect Authorization •

CVE-2021-21227 – Gentoo Linux Security Advisory 202104-08
https://notcve.org/view.php?id=CVE-2021-21227
30 Apr 2021 — Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html • CWE-787: Out-of-bounds Write •

CVE-2021-20254 – samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token
https://notcve.org/view.php?id=CVE-2021-20254
30 Apr 2021 — A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1949442 • CWE-125: Out-of-bounds Read •

CVE-2020-27823 – openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()
https://notcve.org/view.php?id=CVE-2020-27823
28 Apr 2021 — A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1905762 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVE-2020-27824 – openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()
https://notcve.org/view.php?id=CVE-2020-27824
28 Apr 2021 — A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. • https://github.com/pazhanivel07/openjpeg-2.3.0_CVE-2020-27824 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •