CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21205 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21205
26 Apr 2021 — Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Una aplicación de políticas insuficientes en navigation en Google Chrome en iOS versiones anteriores a 90.0.4430.72, permitía a un atacante remoto omitir las restricciones de navegación por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the ... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21203 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21203
26 Apr 2021 — Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Blink en Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of co... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21201 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21201
26 Apr 2021 — Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en permissions en Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities have ... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-21202 – Debian Security Advisory 4906-1
https://notcve.org/view.php?id=CVE-2021-21202
26 Apr 2021 — Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Un uso de la memoria previamente liberada en extensions de Google Chrome versiones anteriores a 90.0.4430.72, permitía a un atacante convencer a un usuario de instalar una extensión maliciosa para llevar a cabo potencialmente un escape del sandbox por medio de una extensión de Chrome diseñada Mult... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 25%CPEs: 4EXPL: 0CVE-2021-21206 – Google Chromium Blink Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-21206
26 Apr 2021 — Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Blink en Google Chrome versiones anteriores a 89.0.4389.128, permitía a un atacante remoto explotar potencialmente una corrupción de la memoria por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution ... • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-15078 – Gentoo Linux Security Advisory 202105-25
https://notcve.org/view.php?id=CVE-2020-15078
26 Apr 2021 — OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. OpenVPN versiones 2.5.1 y anteriores, permiten a atacantes remotos omitir la autenticación y los datos del canal de control de acceso en servidores configurados con autenticación diferida, que pueden ser usados para desencadenar potencialmente más fugas de información It wa... • https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 • CWE-305: Authentication Bypass by Primary Weakness CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 93%CPEs: 6EXPL: 25CVE-2021-22204 – ExifTool Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22204
23 Apr 2021 — Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image Una neutralización inapropiada de los datos del usuario en el formato de archivo DjVu en ExifTool versiones 7.44 y posteriores, permite una ejecución de código arbitrario cuando se analiza la imagen maliciosa A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which ma... • https://packetstorm.news/files/id/162558 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 1%CPEs: 9EXPL: 0CVE-2021-2196 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2196
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •
CVSS: 4.9EPSS: 1%CPEs: 9EXPL: 0CVE-2021-2193 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2193
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2194 – mysql: InnoDB unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2194
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •