CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37997
https://notcve.org/view.php?id=CVE-2021-37997
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Sign-In en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto que convenciera a un usuario de iniciar sesión en Chrome explotar potencialmente la corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1259864 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41281 – Path traversal in Matrix Synapse
https://notcve.org/view.php?id=CVE-2021-41281
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. • https://github.com/matrix-org/synapse/commit/91f2bd090 https://github.com/matrix-org/synapse/releases/tag/v1.47.1 https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 0CVE-2021-44143
https://notcve.org/view.php?id=CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. Se ha encontrado un fallo en mbsync en isync versiones 1.4.0 hasta 1.4.3. Debido a una condición no comprobada, un servidor IMAP malicioso o comprometido podría usar un mensaje de correo diseñado que carece de encabezados (es decir, uno que comienza con una línea vacía) para provocar un desbordamiento de la pila, que podría ser explotado para una ejecución de código remota • http://www.openwall.com/lists/oss-security/2021/12/03/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX https://security.gentoo.org/glsa/202208-15 https://sourceforge.net/p/isync/isync/commit_browser https://sourceforge.net/p/isync/isync/ref/master/ta • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3968 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3968
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL https://security.gentoo.org/glsa/202208-32 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3973 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3973
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2LS2DXBTYOCWGAKFMBF3HTWWXPBEFL https://security.g • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •