|
197851
|
6.5 |
MEDIUM
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
|
CWE-20
Improper Input Validation
|
CVE-2021-21123
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197852
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21122
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197853
|
9.6 |
CRITICAL
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21121
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197854
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21120
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197855
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
|
CWE-416
Use After Free
|
CVE-2021-21119
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197856
|
8.8 |
HIGH
Network
|
google
microsoft
|
chrome
edge_chromium
|
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2021-21118
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197857
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.
|
CWE-362
CWE-59
Race Condition
Link Following
|
CVE-2021-21117
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197858
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. Thi…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2021-21306
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197859
|
4.3 |
MEDIUM
Network
|
carrierwave_project
|
carrierwave
|
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF …
|
-
|
CVE-2021-21288
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197860
|
8.8 |
HIGH
Network
|
carrierwave_project
|
carrierwave
|
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulner…
|
CWE-94
Code Injection
|
CVE-2021-21305
|
2024-11-21 14:47 |
2021-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
