CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3575 – openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-3575
10 Nov 2021 — A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. Se encontró un desbordamiento de búfer en la región heap de la memoria en openjpeg en color.c:379:42 en sycc420_to_rgb cuando es descomprimido un archivo .j2k diseñado. Un atacante podría usar esto para ejecutar código arbitrario con los permisos de la aplicación c... • https://bugzilla.redhat.com/show_bug.cgi?id=1957616 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3927 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3927
05 Nov 2021 — vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la memoria It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3928 – Use of Uninitialized Variable in vim/vim
https://notcve.org/view.php?id=CVE-2021-3928
05 Nov 2021 — vim is vulnerable to Use of Uninitialized Variable vim es vulnerable al uso de una variable no inicializada It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27836
https://notcve.org/view.php?id=CVE-2021-27836
03 Nov 2021 — An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Se ha detectado un problema en la función xls_getWorkSheet en el archivo xls.c en libxls 1.6.2, que permite a atacantes causar una denegación de servicio, por medio de un archivo XLS diseñado • https://github.com/libxls/libxls/issues/94 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0CVE-2020-27820 – kernel: use-after-free in nouveau kernel module
https://notcve.org/view.php?id=CVE-2020-27820
02 Nov 2021 — A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). Se ha encontrado una vulnerabilidad en el kernel de Linux, en la que un uso de memoria previamente liberada en el manejador postclose() de nouveau podría ocurrir si se quita el dispositivo (que no es común quitar la tarjeta de vídeo físicamente sin apagar, pero lo mi... • https://bugzilla.redhat.com/show_bug.cgi?id=1901726 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 1CVE-2021-37980 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37980
02 Nov 2021 — Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. Una implementación inapropiada de Sandbox en Google Chrome versiones anteriores a 94.0.4606.81, permitía a un atacante remoto omitir potencialmente el aislamiento del sitio por medio de Windows Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. • https://github.com/ZeusBox/CVE-2021-37980 •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2021-37979 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37979
02 Nov 2021 — heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en WebRTC en Google Chrome versiones anteriores a 94.0.4606.81, permitía a un atacante remoto que convenciera a un usuario de navegar por un sitio web malicioso explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple se... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-37978 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37978
02 Nov 2021 — Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en Blink en Google Chrome versiones anteriores a 94.0.4606.81, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or info... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-37977 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37977
02 Nov 2021 — Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Garbage Collection en Google Chrome versiones anteriores a 94.0.4606.81, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denia... • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.5EPSS: 28%CPEs: 5EXPL: 11CVE-2021-42574 – environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
https://notcve.org/view.php?id=CVE-2021-42574
01 Nov 2021 — An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers ... • https://github.com/simplylu/CVE-2021-42574 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-838: Inappropriate Encoding for Output Context •