Page 6 of 982 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-21228

https://notcve.org/view.php?id=CVE-2021-21228

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. La aplicación de políticas insuficiente en extensions de Google Chrome versiones anteriores a 90.0.4430.93, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa para omitir restricciones de navegación por medio de una Chrome Extension diseñada. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html https://crbug.com/1139156 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2021-21227

https://notcve.org/view.php?id=CVE-2021-21227

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación insuficiente de datos en V8 en Google Chrome versiones anteriores a 90.0.4430.93, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada. • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html https://crbug.com/1199345 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2021-20254 – samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token

https://notcve.org/view.php?id=CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1949442 https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT https://security.gentoo.org/glsa/202105-22 https://security.netapp.com/advisory/ntap-20210430-0001 https://www.samba.org/samba/security/CVE-2021-20254 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-27823 – openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()

https://notcve.org/view.php?id=CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el codificador de OpenJPEG. Este fallo permite a un atacante pasar una entrada de desplazamiento x,y especialmente diseñada a OpenJPEG para usarla durante la codificación. • https://bugzilla.redhat.com/show_bug.cgi?id=1905762 https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV https://www.debian.org/security/2021/dsa-4882 https://access.redhat.com/security/cve/CVE-2020-27823 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-27824 – openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()

https://notcve.org/view.php?id=CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el codificador de OpenJPEG en la función opj_dwt_calc_explicit_stepsizes(). Este fallo permite a un atacante que puede suministrar una entrada diseñada a niveles de descomposición para causar un desbordamiento del búfer. • https://bugzilla.redhat.com/show_bug.cgi?id=1905723 https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV https://www.debian.org/security/2021/dsa-4882 https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020- • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •