Page 32 of 369 results (0.182 seconds)

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1131346 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21124 • CWE-416: Use After Free •

CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0

Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/1125614 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. • https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486 https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4 https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba https://github.com/flatpak/flatpak/releases/tag/1.8.5 https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2 https://security.gentoo.org/glsa/202101-21 https://www.debian.org/security/2021/ • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0

User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html https://crbug.com/1157814 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN https://security.gentoo.org/glsa/202101-05 https://www.debian.org/security/2021/dsa-4832 • CWE-416: Use After Free •

CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0

Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html https://crbug.com/1153595 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWIJKZTZTG6G475OR6PP4WPQBVM6PS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6P6AVVFP7B2M4H7TJQBASRZIBLOTUFN https://security.gentoo.org/glsa/202101-05 https://www.debian.org/security/2021/dsa-4832 • CWE-416: Use After Free •