CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26119
https://notcve.org/view.php?id=CVE-2021-26119
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. • https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html https://security.gentoo.org/glsa/202105-06 https://www.debian.org/security/2022/dsa-5151 •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21146
https://notcve.org/view.php?id=CVE-2021-21146
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://crbug.com/1161705 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21142
https://notcve.org/view.php?id=CVE-2021-21142
Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html https://crbug.com/1169317 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ACWYJ74Z3YN2XH4QMUEGNBC3VXX464L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUQSMNV7INLDDSD3RKI5S5EAULX2QC7P https://security.gentoo.org/glsa/202104-08 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21121
https://notcve.org/view.php?id=CVE-2021-21121
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1161143 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21121 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21124
https://notcve.org/view.php?id=CVE-2021-21124
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1131346 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21124 • CWE-416: Use After Free •