CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4327 – SerenityOS TypedArray.cpp initialize_typed_array_from_array_buffer integer overflow
https://notcve.org/view.php?id=CVE-2021-4327
A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. • https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html https://github.com/SerenityOS/serenity/commit/f6c6047e49f1517778f5565681fb64750b14bf60 https://vuldb.com/?ctiid.222074 https://vuldb.com/?id.222074 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31272
https://notcve.org/view.php?id=CVE-2021-31272
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. SerenityOS anterior al commit 3844e8569689dd476064a0759d704bc64fb3ca2c, contiene una vulnerabilidad de salto de directorio en tar/unzip que puede conllevar a una ejecución de comandos o a una escalada de privilegios • https://github.com/SerenityOS/serenity/issues/3991 https://github.com/SerenityOS/serenity/issues/3992 https://github.com/SerenityOS/serenity/pull/5713 https://github.com/SerenityOS/serenity/pull/5713/commits/3844e8569689dd476064a0759d704bc64fb3ca2c • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33185
https://notcve.org/view.php?id=CVE-2021-33185
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information. SerenityOS contiene un desbordamiento de búfer en la prueba set_range en la función TestBitmap que podría permitir a atacantes obtener información confidencial • https://github.com/SerenityOS/serenity/issues/7073 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33186
https://notcve.org/view.php?id=CVE-2021-33186
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information. SerenityOS en el archivo test-crypto.cpp contiene un desbordamiento del búfer de la pila que podría permitir a atacantes obtener información confidencial • https://github.com/SerenityOS/serenity/issues/7072 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30045
https://notcve.org/view.php?id=CVE-2021-30045
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. SerenityOS hasta el 27-03-2021, contiene una vulnerabilidad de desbordamiento del búfer en la función EndOfCentralDirectory::read() • https://github.com/SerenityOS/serenity/commit/4317db7498eaa5a37068052bb0310fbc6a5f78e4 https://github.com/SerenityOS/serenity/issues/5975 https://github.com/SerenityOS/serenity/pull/5977 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •