CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-4010 – X.Org Server SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4010
17 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SProcScreenSaverSuspend. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-45078 – Ubuntu Security Notice USN-6160-1
https://notcve.org/view.php?id=CVE-2021-45078
15 Dec 2021 — stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. La función stab_xcoff_builtin_type en el archivo stabs.c en GNU Binutils versiones hasta 2.37, permite a atacantes causar una denegación de servicio (desbordamiento de búfer basado en la pila) o posiblemente tener o... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 94%CPEs: 96EXPL: 13CVE-2021-45046 – Apache Log4j2 Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2021-45046
14 Dec 2021 — It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some... • https://packetstorm.news/files/id/179987 • CWE-400: Uncontrolled Resource Consumption CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2021-38005 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38005
14 Dec 2021 — Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en loader en Google Chrome versiones anteriores a 96.0.4664.45, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or informa... • https://packetstorm.news/files/id/165331 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4054 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4054
14 Dec 2021 — Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Una Interfaz de seguridad incorrecta en autofill en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto llevar a cabo una suplantación de dominio por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less th... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-4065 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4065
14 Dec 2021 — Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en autofill en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. V... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4059 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4059
14 Dec 2021 — Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Una comprobación insuficiente de datos en loader en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto filtrar datos de origen cruzado por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.1... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-38014 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-38014
14 Dec 2021 — Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de límites en Swiftshader en Google Chrome versiones anteriores a 96.0.4664.45, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or ... • https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-4062 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4062
14 Dec 2021 — Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en BFCache en Google Chrome versiones anteriores a 96.0.4664.93, permitía a un atacante remoto que hubiera comprometido el proceso de renderización explotar potencialmente la corrupción de montón por medio de una página HTML diseñada Multiple vulnerabilities have been fo... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4052 – Gentoo Linux Security Advisory 202208-25
https://notcve.org/view.php?id=CVE-2021-4052
14 Dec 2021 — Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Un uso de memoria previamente liberada en web apps en Google Chrome versiones anteriores a 96.0.4664.93,, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa explotar potencialmente una corrupción de la pila por medio de una extensión de Chrome diseñada Multiple vu... • https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •