CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32740 – Regular Expression Denial of Service in Addressable templates
https://notcve.org/view.php?id=CVE-2021-32740
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. • https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5 https://access.redhat.com/security/cve/CVE-2021-32740 https://bugzilla.redhat.com/show_bug.cgi?id=1979702 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30557
https://notcve.org/view.php?id=CVE-2021-30557
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en TabGroups en Google Chrome versiones anteriores a 91.0.4472.114, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa para explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html https://crbug.com/1202102 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-30556
https://notcve.org/view.php?id=CVE-2021-30556
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebAudio en Google Chrome versiones anteriores a 91.0.4472.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html https://crbug.com/1212599 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30555
https://notcve.org/view.php?id=CVE-2021-30555
Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. Un uso de memoria previamente liberada en Sharing en Google Chrome versiones anteriores a 91.0.4472.114, permitía a un atacante que convenció a un usuario de instalar una extensión maliciosa explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada y un gesto del usuario • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html https://crbug.com/1215029 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-30554 – Google Chromium WebGL Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-30554
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en WebGL en Google Chrome versiones anteriores a 91.0.4472.114, permitía a un atacante remoto explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. • https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html https://crbug.com/1219857 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54 https://security.gentoo.org/glsa/202107-06 • CWE-416: Use After Free •