CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3875 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3875
15 Oct 2021 — vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un desbordamiento del búfer en la región heap de la memoria Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Versions less than 9.0.0060 are affected. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41798 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-41798
11 Oct 2021 — MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. MediaWiki versiones anteriores a 1.36.2, permite una vulnerabilidad de tipo XSS. Los mensajes de MediaWiki relacionados con el mes no se escapan antes de ser usados en la página de resultados Special:Search Multiple security issues were found in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting, denial of service and a bypass ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41799 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-41799
11 Oct 2021 — MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de la consulta). ApiQueryBacklinks (action=query&list=backlinks) puede causar un escaneo completo de la tabla Multiple security issues were found in MediaWiki, a website engine... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJDYJQWT43GBD6GNQ4OW7JOZ6WQ6DZTN • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41800 – Gentoo Linux Security Advisory 202305-24
https://notcve.org/view.php?id=CVE-2021-41800
11 Oct 2021 — MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. MediaWiki versiones anteriores a 1.36.2, permite una denegación de servicio (consumo de recursos debido a un largo tiempo de procesamiento de consultas). Visitando Special:Contributions puede resultar a veces en una consulta SQL de larga duración porque la protección de... • https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 11%CPEs: 6EXPL: 0CVE-2021-37976 – Google Chromium Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-37976
08 Oct 2021 — Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una implementación inapropiada en Memory en Google Chrome versiones anteriores a 94.0.4606.71, permitía a un atacante remoto conseguir información potencialmente confidencial de la memoria del proceso por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the ... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37974 – Debian Security Advisory 5046-1
https://notcve.org/view.php?id=CVE-2021-37974
08 Oct 2021 — Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Safebrowsing en Google Chrome versiones anteriores a 94.0.4606.71, permitía a un atacante remoto que hubiera comprometido el proceso de renderización explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were d... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 9.6EPSS: 15%CPEs: 5EXPL: 0CVE-2021-37973 – Google Chromium Portals Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-37973
08 Oct 2021 — Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de memoria previamente liberada en Portals en Google Chrome versiones anteriores a 94.0.4606.61, permitía que un atacante remoto que hubiera comprometido el proceso de renderización pudiera llevar a cabo un escape del sandbox por medio de una página HTML diseñada Multiple security issues were discovered in ... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-37972 – Gentoo Linux Security Advisory 202405-20
https://notcve.org/view.php?id=CVE-2021-37972
08 Oct 2021 — Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una lectura fuera de límites en libjpeg-turbo en Google Chrome versiones anteriores a 94.0.4606.54, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code execution. Versio... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2021-37971 – Gentoo Linux Security Advisory 202405-20
https://notcve.org/view.php?id=CVE-2021-37971
08 Oct 2021 — Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una Interfaz de Usuario de seguridad incorrecta en Web Browser UI de Google Chrome anterior a la versión 94.0.4606.54, permitía a un atacante remoto falsificar el contenido de la Omnibox (barra de URL) por medio de una página HTML diseñada Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead t... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 1CVE-2021-37970 – Gentoo Linux Security Advisory 202405-20
https://notcve.org/view.php?id=CVE-2021-37970
08 Oct 2021 — Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en File System API de Google Chrome anterior a la versión 94.0.4606.54, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple vulnerabilities have been discovered in libjpeg-turbo, the worst of which could lead to arbitrary code executio... • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html • CWE-416: Use After Free •