CVE-2021-30557
- EPSS 11.75%
- Veröffentlicht 02.07.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 06:04:10
Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30554
- EPSS 7.37%
- Veröffentlicht 02.07.2021 19:15:07
- Zuletzt bearbeitet 24.10.2025 21:07:05
Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30556
- EPSS 1.75%
- Veröffentlicht 02.07.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:04:10
Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-35197
- EPSS 1.94%
- Veröffentlicht 02.07.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:12:01
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API...
CVE-2021-35042
- EPSS 44.37%
- Veröffentlicht 02.07.2021 10:15:07
- Zuletzt bearbeitet 21.11.2024 06:11:43
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-36084
- EPSS 0.48%
- Veröffentlicht 01.07.2021 03:15:08
- Zuletzt bearbeitet 03.11.2025 22:15:48
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
CVE-2021-36085
- EPSS 0.45%
- Veröffentlicht 01.07.2021 03:15:08
- Zuletzt bearbeitet 03.11.2025 22:15:49
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
CVE-2021-36086
- EPSS 0.59%
- Veröffentlicht 01.07.2021 03:15:08
- Zuletzt bearbeitet 24.03.2026 20:25:29
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
CVE-2021-36087
- EPSS 0.45%
- Veröffentlicht 01.07.2021 03:15:08
- Zuletzt bearbeitet 03.11.2025 22:15:49
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
CVE-2021-3630
- EPSS 1.06%
- Veröffentlicht 30.06.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:01
An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.