CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-31162 – rust: double free in Vec::from_iter function if freeing the element panics
https://notcve.org/view.php?id=CVE-2021-31162
14 Apr 2021 — In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, se puede producir una doble liberación en la función Vec::from_iter si se libera los pánicos del elemento Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Issues addressed include buffer overflow, doub... • https://github.com/rust-lang/rust/issues/83618 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-27815 – Gentoo Linux Security Advisory 202210-28
https://notcve.org/view.php?id=CVE-2021-27815
14 Apr 2021 — NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. Una desreferencia de puntero NULL en la herramienta de línea de comandos exif, al imprimir datos EXIF con formato XML, en exif versión v0.6.22 y anteriores permite a atacantes causar una Denegación de Servicio (DoS) al cargar un archivo JPEG malicioso, causando que... • https://github.com/libexif/exif/commit/eb84b0e3c5f2a86013b6fcfb800d187896a648fa • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28876 – rust: panic safety issue in Zip implementation
https://notcve.org/view.php?id=CVE-2021-28876
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip presenta un problema de seguridad de pánico. Llama a la función __itera... • https://github.com/rust-lang/rust/issues/81740 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28878 – rust: memory safety violation in Zip implementation when next_back() and next() are used together
https://notcve.org/view.php?id=CVE-2021-28878
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. En la biblioteca estándar en Rust versiones anteriores a 1.52.0, la implementación de Zip llama a la función __iterator_get_unchecked() más de una vez para el mismo índice (bajo dete... • https://github.com/rust-lang/rust/issues/82291 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-28879 – rust: integer overflow in the Zip implementation can lead to a buffer overflow
https://notcve.org/view.php?id=CVE-2021-28879
11 Apr 2021 — In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. En la biblioteca estándar de Rust versiones anteriores a 1.52.0, la implementación de Zip puede reportar un tamaño incorrecto debido a un desbordamiento de enteros. Este bug puede conllevar a un desbordamiento del búfer cuando un iterador Zip consumido es usado nuevamente Rust Toolset provides th... • https://github.com/rust-lang/rust/issues/82282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21199 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21199
09 Apr 2021 — Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en Aura en Google Chrome en Linux versiones anteriores a 89.0.4389.114, permitía a un atacante remoto que había comprometido el proceso del renderizador explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities h... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21197 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21197
09 Apr 2021 — Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en TabStrip en Google Chrome versiones anteriores a 89.0.4389.114, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary exec... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 1CVE-2021-21198 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21198
09 Apr 2021 — Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Una lectura fuera de límites en IPC en Google Chrome versiones anteriores a 89.0.4389.114, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium ... • https://packetstorm.news/files/id/162973 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2021-21196 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21196
09 Apr 2021 — Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento del búfer de la pila en TabStrip en Google Chrome en Windows versiones anteriores a 89.0.4389.114, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21194 – Debian Security Advisory 4886-1
https://notcve.org/view.php?id=CVE-2021-21194
09 Apr 2021 — Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de la memoria previamente liberada en screen sharing en Google Chrome versiones anteriores a 89.0.4389.114, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbit... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •