CVE-2021-21197
- EPSS 1.36%
- Veröffentlicht 09.04.2021 22:15:17
- Zuletzt bearbeitet 21.11.2024 05:47:45
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21198
- EPSS 1.79%
- Veröffentlicht 09.04.2021 22:15:17
- Zuletzt bearbeitet 21.11.2024 05:47:45
Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21199
- EPSS 1.15%
- Veröffentlicht 09.04.2021 22:15:17
- Zuletzt bearbeitet 21.11.2024 05:47:45
Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30155
- EPSS 1.21%
- Veröffentlicht 09.04.2021 07:15:16
- Zuletzt bearbeitet 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page.
CVE-2021-30156
- EPSS 1.18%
- Veröffentlicht 09.04.2021 07:15:16
- Zuletzt bearbeitet 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.
CVE-2021-30159
- EPSS 1.56%
- Veröffentlicht 09.04.2021 07:15:16
- Zuletzt bearbeitet 21.11.2024 06:03:25
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it's on...
CVE-2021-30152
- EPSS 1.23%
- Veröffentlicht 09.04.2021 07:15:15
- Zuletzt bearbeitet 21.11.2024 06:03:24
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.
CVE-2021-3448
- EPSS 1.99%
- Veröffentlicht 08.04.2021 23:15:12
- Zuletzt bearbeitet 03.12.2025 01:15:46
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmas...
CVE-2021-3482
- EPSS 2.3%
- Veröffentlicht 08.04.2021 23:15:12
- Zuletzt bearbeitet 21.11.2024 06:21:38
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing mali...
CVE-2021-29154
- EPSS 0.93%
- Veröffentlicht 08.04.2021 21:15:13
- Zuletzt bearbeitet 21.11.2024 06:00:47
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.