CVE-2021-3634 – libssh: possible heap-based buffer overflow when rekeying
https://notcve.org/view.php?id=CVE-2021-3634
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a single length variable, which worked as long as the buffers were the same. • https://bugzilla.redhat.com/show_bug.cgi?id=1978810 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG https://security.gentoo.org/glsa/202312-05 https://security.netapp.com/advisory/ntap-20211004-0003 https://www • CWE-787: Out-of-bounds Write •
CVE-2021-30604
https://notcve.org/view.php?id=CVE-2021-30604
Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html https://crbug.com/1234829 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L • CWE-416: Use After Free •
CVE-2021-30603 – Chrome HRTFDatabaseLoader::WaitForLoaderThreadCompletion Data Race
https://notcve.org/view.php?id=CVE-2021-30603
Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chrome suffers from an HRTFDatabaseLoader::WaitForLoaderThreadCompletion data race condition. • http://packetstormsecurity.com/files/164259/Chrome-HRTFDatabaseLoader-WaitForLoaderThreadCompletion-Data-Race.html https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html https://crbug.com/1233564 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-30602
https://notcve.org/view.php?id=CVE-2021-30602
Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html https://crbug.com/1230767 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L https://www.talosintelligence.com/vulnerability_reports/TALOS-2021- • CWE-416: Use After Free •
CVE-2021-30601
https://notcve.org/view.php?id=CVE-2021-30601
Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. • https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html https://crbug.com/1234009 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L • CWE-416: Use After Free •