
CVE-2021-3927 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3927
05 Nov 2021 — vim is vulnerable to Heap-based Buffer Overflow. It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2021-3928 – Use of Uninitialized Variable in vim/vim
https://notcve.org/view.php?id=CVE-2021-3928
05 Nov 2021 — vim is vulnerable to Use of Uninitialized Variable. It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-457: Use of Uninitialized Variable • CWE-908: Use of Uninitialized Resource

CVE-2021-43389 – kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
https://notcve.org/view.php?id=CVE-2021-43389
04 Nov 2021 — An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) f... • http://www.openwall.com/lists/oss-security/2021/11/05/1 • CWE-125: Out-of-bounds Read

CVE-2021-40985 – Gentoo Linux Security Advisory 202405-07
https://notcve.org/view.php?id=CVE-2021-40985
03 Nov 2021 — A stack-based buffer under-read in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal... • https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 • CWE-125: Out-of-bounds Read

CVE-2021-38503 – Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
https://notcve.org/view.php?id=CVE-2021-38503
03 Nov 2021 — The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 • CWE-732: Incorrect Permission Assignment for Critical Resource • CWE-863: Incorrect Authorization

CVE-2021-38504 – Mozilla: Use-after-free in file picker dialog
https://notcve.org/view.php?id=CVE-2021-38504
03 Nov 2021 — When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730156 • CWE-416: Use After Free

CVE-2021-38506 – Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning
https://notcve.org/view.php?id=CVE-2021-38506
03 Nov 2021 — Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730750 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-38507 – Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
https://notcve.org/view.php?id=CVE-2021-38507
03 Nov 2021 — The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt in to opportunistic encryption, a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as sam... • https://bugzilla.mozilla.org/show_bug.cgi?id=1730935 • CWE-346: Origin Validation Error • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVE-2021-38508 – Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
https://notcve.org/view.php?id=CVE-2021-38508
03 Nov 2021 — By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1366818 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-38509 – Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain
https://notcve.org/view.php?id=CVE-2021-38509
03 Nov 2021 — Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1718571 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames