ALT-BU-2021-4132-1
Branch p9 update bulletin.
Closed vulnerabilities
BDU:2019-04013
Уязвимость подкомпонента Analytics Actions компонента Oracle Business Intelligence Enterprise Edition программной платформы Oracle Fusion Middleware, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение, добавление или удаление данных
BDU:2021-02928
Уязвимость набора компонентов для построения корпоративных приложений JBoss Core Services, связанная с использованием памяти после ее освобождения, позволяющая нарушителю выполнить произвольный код
BDU:2021-05113
Уязвимость компонента Server: Windows системы управления базами данных MySQL Server, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-00375
Уязвимость реализации протокола Transport Layer Security (TLS) библиотеки libcurl, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2022-01645
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01648
Уязвимость компонента Server: Stored Procedure СУБД MySQL, связанная с ошибками при освобождении ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01658
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01751
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01762
Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
BDU:2022-01819
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01825
Уязвимость компонента Server: DML системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01826
Уязвимость компонента Server: DML системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01827
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01828
Уязвимость компонента Server: GIS системы управления базами данных MySQL, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2022-01832
Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01851
Уязвимость компонента InnoDB системы управления базами данных MariaDB и MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01854
Уязвимость компонента Server: Locking системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01855
Уязвимость компонента Server: Federated системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01858
Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-01864
Уязвимость компонента Server: DDL системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02243
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02244
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02245
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02246
Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02247
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02248
Уязвимость компонента Server: PS системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02252
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02253
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02254
Уязвимость компонента Server: DDL системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02255
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02256
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02257
Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю получить доступ к конфиденциальным данным
BDU:2022-02258
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02259
Уязвимость компонента Server: Replication системы управления базами данных MySQL, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
BDU:2022-02260
Уязвимость компонента Server: DDL системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02261
Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02262
Уязвимость компонента Server: Memcached системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-17543
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
- openSUSE-SU-2019:2398
- openSUSE-SU-2019:2398
- openSUSE-SU-2019:2399
- openSUSE-SU-2019:2399
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941
- https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2
- https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2
- https://github.com/lz4/lz4/issues/801
- https://github.com/lz4/lz4/issues/801
- https://github.com/lz4/lz4/pull/756
- https://github.com/lz4/lz4/pull/756
- https://github.com/lz4/lz4/pull/760
- https://github.com/lz4/lz4/pull/760
- [arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191025 [jira] [Commented] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191106 [jira] [Resolved] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191106 [jira] [Resolved] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191024 [jira] [Updated] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191024 [jira] [Updated] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191024 [jira] [Created] (ARROW-6984) Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191024 [jira] [Created] (ARROW-6984) Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191024 [jira] [Assigned] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-issues] 20191024 [jira] [Assigned] (ARROW-6984) [C++] Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-dev] 20191024 [jira] [Created] (ARROW-6984) Update LZ4 to 1.9.2 for CVE-2019-17543
- [arrow-dev] 20191024 [jira] [Created] (ARROW-6984) Update LZ4 to 1.9.2 for CVE-2019-17543
- https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E
- https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E
- [kudu-issues] 20200709 [jira] [Resolved] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu
- [kudu-issues] 20200709 [jira] [Resolved] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu
- [kudu-issues] 20200621 [jira] [Updated] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu
- [kudu-issues] 20200621 [jira] [Updated] (KUDU-3156) Whether the CVE-2019-17543 vulnerability of lz affects kudu
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Modified: 2024-11-21
CVE-2019-2897
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Modified: 2024-11-21
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://curl.se/docs/CVE-2021-22897.html
- https://curl.se/docs/CVE-2021-22897.html
- https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511
- https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511
- https://hackerone.com/reports/1172857
- https://hackerone.com/reports/1172857
- https://security.netapp.com/advisory/ntap-20210727-0007/
- https://security.netapp.com/advisory/ntap-20210727-0007/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Modified: 2024-11-21
CVE-2021-22901
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
- https://curl.se/docs/CVE-2021-22901.html
- https://curl.se/docs/CVE-2021-22901.html
- https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
- https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479
- https://hackerone.com/reports/1180380
- https://hackerone.com/reports/1180380
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210727-0007/
- https://security.netapp.com/advisory/ntap-20210727-0007/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Modified: 2024-11-21
CVE-2021-2339
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2340
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2342
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2352
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2354
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2356
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2357
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2367
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2370
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2372
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-acef1dc8cf
- FEDORA-2021-acef1dc8cf
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- FEDORA-2021-72d5918529
- FEDORA-2021-72d5918529
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2374
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2383
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2384
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2385
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-dc4299a8d0
- FEDORA-2021-df40c41094
- FEDORA-2021-df40c41094
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
Modified: 2024-11-21
CVE-2021-2387
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2389
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-acef1dc8cf
- FEDORA-2021-acef1dc8cf
- FEDORA-2021-72d5918529
- FEDORA-2021-72d5918529
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-880/
- https://www.zerodayinitiative.com/advisories/ZDI-21-880/
Modified: 2024-11-21
CVE-2021-2390
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-881/
- https://www.zerodayinitiative.com/advisories/ZDI-21-881/
Modified: 2024-11-21
CVE-2021-2399
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2402
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2410
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2412
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2417
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H).
Modified: 2024-11-21
CVE-2021-2418
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2422
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2424
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2425
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2426
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2427
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2429
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://security.netapp.com/advisory/ntap-20210723-0001/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.zerodayinitiative.com/advisories/ZDI-21-889/
- https://www.zerodayinitiative.com/advisories/ZDI-21-889/
Modified: 2024-11-21
CVE-2021-2437
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2440
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2441
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2444
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-2481
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
- FEDORA-2021-70dd0b9f5d
- FEDORA-2021-70dd0b9f5d
- FEDORA-2021-f74148c6d4
- FEDORA-2021-f74148c6d4
- FEDORA-2021-46dc82116b
- FEDORA-2021-46dc82116b
- https://security.netapp.com/advisory/ntap-20211022-0003/
- https://security.netapp.com/advisory/ntap-20211022-0003/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Modified: 2024-11-21
CVE-2021-35537
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-35583
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Modified: 2024-11-21
CVE-2021-35629
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Closed vulnerabilities
BDU:2021-03859
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03860
Уязвимость функции печати веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03865
Уязвимость компонента Android Intents веб-браузера Google Chrome для Android, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2021-03866
Уязвимость веб-браузера Google Chrome операционных систем Windows, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03867
Уязвимость компонента SQLite веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03872
Уязвимость функции автозаполнения Autofil веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03873
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности
BDU:2021-03904
Уязвимость компонента установки Installer веб-браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2021-03905
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03906
Уязвимость графического процессора GPU веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03907
Уязвимость компонента Protocol Handling веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03908
Уязвимость функции автозаполнения Autofil веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03909
Уязвимость веб-браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03910
Уязвимость функции «Sharing» («Поделиться») веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03911
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03912
Уязвимость веб-браузера Google Chrome, связанная с недостаточной проверкой введенных пользователем данных, позволяющая нарушителю проводить спуфинг-атаки
BDU:2021-03943
Уязвимость компонента Media веб-браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности
BDU:2021-03956
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03957
Уязвимость компонента Compositing веб-браузера Google Chrome операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-04024
Уязвимость пользовательского интерфейса Chromium браузера Google Chrome, позволяющая нарушителю выполнить запись за пределами памяти
BDU:2021-04038
Уязвимость компонента WebGL веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-04234
Уязвимость веб-браузера Google Chrome операционных систем iOS, связанная с недостатками разграничения доступа при обработке изображений, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2021-04235
Уязвимость компонента UI framework веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-04236
Уязвимость реализации анимации (Animation) веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2021-30565
Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1210985
- https://crbug.com/1210985
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30566
Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1202661
- https://crbug.com/1202661
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30567
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1211326
- https://crbug.com/1211326
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30568
Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1219886
- https://crbug.com/1219886
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30569
Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1218707
- https://crbug.com/1218707
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30571
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1101897
- https://crbug.com/1101897
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30572
Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1214234
- https://crbug.com/1214234
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30573
Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1216822
- https://crbug.com/1216822
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30574
Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1227315
- https://crbug.com/1227315
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30575
Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1213313
- https://crbug.com/1213313
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30576
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1194896
- https://crbug.com/1194896
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30577
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1204811
- https://crbug.com/1204811
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30578
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1201074
- https://crbug.com/1201074
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30579
Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1207277
- https://crbug.com/1207277
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30580
Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1189092
- https://crbug.com/1189092
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30581
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1194431
- https://crbug.com/1194431
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30582
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1205981
- https://crbug.com/1205981
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30583
Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1179290
- https://crbug.com/1179290
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30584
Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1213350
- https://crbug.com/1213350
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30585
Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1023503
- https://crbug.com/1023503
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1201032
- https://crbug.com/1201032
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30587
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1204347
- https://crbug.com/1204347
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30588
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1195650
- https://crbug.com/1195650
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30589
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1180510
- https://crbug.com/1180510
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Package chromium-gost updated to version 92.0.4515.107-alt0.p9.1 for branch p9 in task 281614.
Closed vulnerabilities
BDU:2021-03859
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03860
Уязвимость функции печати веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03865
Уязвимость компонента Android Intents веб-браузера Google Chrome для Android, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2021-03866
Уязвимость веб-браузера Google Chrome операционных систем Windows, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03867
Уязвимость компонента SQLite веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03872
Уязвимость функции автозаполнения Autofil веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03873
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности
BDU:2021-03904
Уязвимость компонента установки Installer веб-браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2021-03905
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03906
Уязвимость графического процессора GPU веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03907
Уязвимость компонента Protocol Handling веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-03908
Уязвимость функции автозаполнения Autofil веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03909
Уязвимость веб-браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03910
Уязвимость функции «Sharing» («Поделиться») веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03911
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03912
Уязвимость веб-браузера Google Chrome, связанная с недостаточной проверкой введенных пользователем данных, позволяющая нарушителю проводить спуфинг-атаки
BDU:2021-03940
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03941
Уязвимость реализации технологии XSLT (eXtensible Stylesheet Language Transformations) модуля отображения Blink браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03943
Уязвимость компонента Media веб-браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности
BDU:2021-03956
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03957
Уязвимость компонента Compositing веб-браузера Google Chrome операционных систем Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-03971
Уязвимость компонента WebXR браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03980
Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-04019
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-04024
Уязвимость пользовательского интерфейса Chromium браузера Google Chrome, позволяющая нарушителю выполнить запись за пределами памяти
BDU:2021-04038
Уязвимость компонента WebGL веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2021-04040
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-04062
Уязвимость интерфейса Web Serial API браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-04234
Уязвимость веб-браузера Google Chrome операционных систем iOS, связанная с недостатками разграничения доступа при обработке изображений, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2021-04235
Уязвимость компонента UI framework веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2021-04236
Уязвимость реализации анимации (Animation) веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-11-21
CVE-2021-30541
Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2021-30559
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2021-30560
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
- https://crbug.com/1219209
- https://crbug.com/1219209
- [debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update
- [debian-lts-announce] 20220909 [SECURITY] [DLA 3101-1] libxslt security update
- GLSA-202310-23
- GLSA-202310-23
- DSA-5216
- DSA-5216
Modified: 2024-11-21
CVE-2021-30561
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- http://packetstormsecurity.com/files/163835/Chrome-JS-WasmJs-InstallConditionalFeatures-Object-Corruption.html
- http://packetstormsecurity.com/files/163835/Chrome-JS-WasmJs-InstallConditionalFeatures-Object-Corruption.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html
- https://crbug.com/1219630
- https://crbug.com/1219630
Modified: 2024-11-21
CVE-2021-30562
Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2025-02-19
CVE-2021-30563
Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2021-30564
Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Modified: 2024-11-21
CVE-2021-30565
Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1210985
- https://crbug.com/1210985
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30566
Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1202661
- https://crbug.com/1202661
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30567
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1211326
- https://crbug.com/1211326
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30568
Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1219886
- https://crbug.com/1219886
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30569
Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1218707
- https://crbug.com/1218707
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30571
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1101897
- https://crbug.com/1101897
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30572
Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1214234
- https://crbug.com/1214234
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30573
Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1216822
- https://crbug.com/1216822
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30574
Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1227315
- https://crbug.com/1227315
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30575
Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1213313
- https://crbug.com/1213313
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30576
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1194896
- https://crbug.com/1194896
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30577
Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1204811
- https://crbug.com/1204811
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30578
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1201074
- https://crbug.com/1201074
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30579
Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1207277
- https://crbug.com/1207277
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30580
Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1189092
- https://crbug.com/1189092
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30581
Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1194431
- https://crbug.com/1194431
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30582
Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1205981
- https://crbug.com/1205981
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30583
Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1179290
- https://crbug.com/1179290
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30584
Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1213350
- https://crbug.com/1213350
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30585
Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1023503
- https://crbug.com/1023503
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30586
Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1201032
- https://crbug.com/1201032
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30587
Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1204347
- https://crbug.com/1204347
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30588
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1195650
- https://crbug.com/1195650
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Modified: 2024-11-21
CVE-2021-30589
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
- https://crbug.com/1180510
- https://crbug.com/1180510
- FEDORA-2021-78b9d84299
- FEDORA-2021-78b9d84299
- FEDORA-2021-02b301441f
- FEDORA-2021-02b301441f
- FEDORA-2021-6225d60814
- FEDORA-2021-6225d60814
Closed vulnerabilities
BDU:2022-00342
Уязвимость библиотеки СИ для асинхронных запросов DNS c-ares, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
- https://bugzilla.redhat.com/show_bug.cgi?id=1988342
- https://bugzilla.redhat.com/show_bug.cgi?id=1988342
- https://c-ares.haxx.se/adv_20210810.html
- https://c-ares.haxx.se/adv_20210810.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- GLSA-202401-02
- GLSA-202401-02
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html