Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2021-02-09 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21122 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Date published : 2021-02-09 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21121 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Date published : 2021-02-09 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21120 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Date published :...
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Date published : 2021-02-09 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21118 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file. Date published : 2021-02-09 https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1137179
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered...
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913. Date published : 2021-02-09 https://www.ibm.com/support/pages/node/6413389 https://exchange.xforce.ibmcloud.com/vulnerabilities/192913
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users’ session. IBM X-Force ID: 192912. Date published : 2021-02-09...
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446. Date published : 2021-02-09 https://www.ibm.com/support/pages/node/6413399 https://exchange.xforce.ibmcloud.com/vulnerabilities/189446
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379. Date published : 2021-02-09...
IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375. Date published...
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) Date published...
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is...