Vulnerability-Lookup

CVE-2021-21128 (GCVE-0-2021-21128)

Vulnerability from cvelistv5 – Published: 2021-02-09 13:56 – Updated: 2024-08-03 18:01

Summary

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Severity ?

No CVSS data available.

CWE

Heap buffer overflow

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2021/01/sta…	x_refsource_MISC
	https://crbug.com/1138877	x_refsource_MISC
	https://msrc.microsoft.com/update-guide/en-US/vul…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: unspecified , < 88.0.4324.96 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:01:14.050Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/1138877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "88.0.4324.96",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-24T19:54:09.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/1138877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "88.0.4324.96"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://crbug.com/1138877",
              "refsource": "MISC",
              "url": "https://crbug.com/1138877"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128",
              "refsource": "MISC",
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2021-21128",
    "datePublished": "2021-02-09T13:56:02.000Z",
    "dateReserved": "2020-12-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:01:14.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-048

Vulnerability from certfr_avis - Published: 2021-01-20 - Updated: 2021-01-20

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 19 janvier 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21138"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21117"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-20T00:00:00",
  "last_revision_date": "2021-01-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-048",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 19 janvier 2021",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    }
  ]
}

CERTFR-2021-AVI-054

Vulnerability from certfr_avis - Published: 2021-01-22 - Updated: 2021-01-22

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 88.0.705.50
	Microsoft	Edge	Microsoft Edge (Chromiun-based) versions antérieures à 88.0.4324.96

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2021-21140 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21139 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21118 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21121 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21141 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21136 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21133 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21123 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21134 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21132 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21128 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21127 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21120 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21135 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21131 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21119 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21129 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21122 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21126 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21137 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21124 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21130 du 21 janvier 2021	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2021-21125 du 21 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 88.0.705.50",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromiun-based) versions ant\u00e9rieures \u00e0 88.0.4324.96",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-01-22T00:00:00",
  "last_revision_date": "2021-01-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-054",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21140 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21139 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21139"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21118 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21118"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21121 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21121"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21141 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21136 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21133 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21133"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21123 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21123"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21134 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21134"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21132 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21132"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21128 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21128"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21127 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21127"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21120 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21135 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21136"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21131 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21131"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21119 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21129 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21129"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21122 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21122"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21126 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21126"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21137 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21124 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21124"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21130 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21130"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2021-21125 du 21 janvier 2021",
      "url": "https://msrc.microsoft.com/update-guide/fr-FR/vulnerability/CVE-2021-21125"
    }
  ]
}

CERTFR-2021-AVI-103

Vulnerability from certfr_avis - Published: 2021-02-10 - Updated: 2021-02-10

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge pour Android
	Microsoft	Edge	Microsoft Edge (Chromium-based)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 février 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge pour Android",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge (Chromium-based)",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-21133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21133"
    },
    {
      "name": "CVE-2021-21148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21148"
    },
    {
      "name": "CVE-2021-21136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21136"
    },
    {
      "name": "CVE-2021-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21147"
    },
    {
      "name": "CVE-2021-21128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21128"
    },
    {
      "name": "CVE-2021-21139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21139"
    },
    {
      "name": "CVE-2021-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21140"
    },
    {
      "name": "CVE-2021-21143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21143"
    },
    {
      "name": "CVE-2021-21132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21132"
    },
    {
      "name": "CVE-2021-21126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21126"
    },
    {
      "name": "CVE-2021-21135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21135"
    },
    {
      "name": "CVE-2021-21129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21129"
    },
    {
      "name": "CVE-2021-21142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21142"
    },
    {
      "name": "CVE-2021-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21131"
    },
    {
      "name": "CVE-2021-24113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24113"
    },
    {
      "name": "CVE-2021-21122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21122"
    },
    {
      "name": "CVE-2021-21141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21141"
    },
    {
      "name": "CVE-2021-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21145"
    },
    {
      "name": "CVE-2021-21124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21124"
    },
    {
      "name": "CVE-2021-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21123"
    },
    {
      "name": "CVE-2021-21120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21120"
    },
    {
      "name": "CVE-2020-16044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16044"
    },
    {
      "name": "CVE-2021-21137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21137"
    },
    {
      "name": "CVE-2021-21121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21121"
    },
    {
      "name": "CVE-2021-21130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21130"
    },
    {
      "name": "CVE-2021-24100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24100"
    },
    {
      "name": "CVE-2021-21127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21127"
    },
    {
      "name": "CVE-2021-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21144"
    },
    {
      "name": "CVE-2021-21118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21118"
    },
    {
      "name": "CVE-2021-21146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21146"
    },
    {
      "name": "CVE-2021-21119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21119"
    },
    {
      "name": "CVE-2021-21134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21134"
    },
    {
      "name": "CVE-2021-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21125"
    }
  ],
  "initial_release_date": "2021-02-10T00:00:00",
  "last_revision_date": "2021-02-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 f\u00e9vrier 2021",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-V875-JF7G-HG8J

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41

Details

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-21128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-09T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-v875-jf7g-hg8j",
  "modified": "2022-05-24T17:41:34Z",
  "published": "2022-05-24T17:41:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21128"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1138877"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-21128

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Aliases

CVE-2021-21128

Aliases

CVE-2021-21128

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-21128",
    "description": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
    "id": "GSD-2021-21128",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-21128.html",
      "https://www.debian.org/security/2021/dsa-4846",
      "https://advisories.mageia.org/CVE-2021-21128.html",
      "https://security.archlinux.org/CVE-2021-21128"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-21128"
      ],
      "details": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      "id": "GSD-2021-21128",
      "modified": "2023-12-13T01:23:11.280580Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2021-21128",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "88.0.4324.96"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Heap buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
          },
          {
            "name": "https://crbug.com/1138877",
            "refsource": "MISC",
            "url": "https://crbug.com/1138877"
          },
          {
            "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.4324.96",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "88.0.705.50",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2021-21128"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
            },
            {
              "name": "https://crbug.com/1138877",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://crbug.com/1138877"
            },
            {
              "name": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-04T18:15Z",
      "publishedDate": "2021-02-09T14:15Z"
    }
  }
}

FKIE_CVE-2021-21128

Vulnerability from fkie_nvd - Published: 2021-02-09 14:15 - Updated: 2024-11-21 05:47

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
chrome-cve-admin@google.com	https://crbug.com/1138877	Exploit, Issue Tracking, Patch, Vendor Advisory
chrome-cve-admin@google.com	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://crbug.com/1138877	Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128	Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	chrome	*
	microsoft	edge_chromium	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "565ED6B8-8F41-4E79-A280-33CB321E607F",
              "versionEndExcluding": "88.0.4324.96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4045760-DF4A-4728-9B52-0280FC45C05D",
              "versionEndExcluding": "88.0.705.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer de pila en Blink en Google Chrome versiones anteriores a 88.0.4324.96, permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
    }
  ],
  "id": "CVE-2021-21128",
  "lastModified": "2024-11-21T05:47:37.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-09T14:15:16.123",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://crbug.com/1138877"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://crbug.com/1138877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-21128"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-21128

Vulnerability from fstec - Published: 20.01.2021

Title

Уязвимость механизма отображения веб-страниц Blink веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость механизма отображения веб-страниц Blink веб-браузера Google Chrome связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированной веб-страницы

Severity ?

Vendor

Microsoft Corp, Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc., Google Inc, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), до 88.0.4324.96 (Google Chrome), 15 SP1 (SUSE Package Hub for SUSE Linux Enterprise), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Google Chrome: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html Для программных продуктов Microsoft Corp.: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21128 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-21128 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-21128/ Для Astra Linux: Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 Для ОСОН Основа: Обновление программного обеспечения chromium до версии 90.0.4430.212+repack-1~deb10u1.osnova2 Для ОС ОН «Стрелец»: Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html https://crbug.com/1138877 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21128 https://nvd.nist.gov/vuln/detail/CVE-2021-21128 https://safe-surf.ru/upload/VULN/VULN-20210129.7.pdf https://security-tracker.debian.org/tracker/CVE-2021-21128 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://www.suse.com/security/cve/CVE-2021-21128/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Google Inc, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft Edge), 9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 15.1 (OpenSUSE Leap), 10 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), 15 SP2 (SUSE Package Hub for SUSE Linux Enterprise), \u0434\u043e 88.0.4324.96 (Google Chrome), 15 SP1 (SUSE Package Hub for SUSE Linux Enterprise), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21128\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-21128\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-21128/\n\n\n\u0414\u043b\u044f Astra Linux:\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 90.0.4430.212+repack-1~deb10u1.osnova2\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.02.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00905",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-21128",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Edge, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, SUSE Package Hub for SUSE Linux Enterprise, Google Chrome, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. OpenSUSE Leap 15.2 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 Blink \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 Blink \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html\nhttps://crbug.com/1138877\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21128\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21128\nhttps://safe-surf.ru/upload/VULN/VULN-20210129.7.pdf\nhttps://security-tracker.debian.org/tracker/CVE-2021-21128\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.suse.com/security/cve/CVE-2021-21128/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-21128 (GCVE-0-2021-21128)

CERTFR-2021-AVI-048

Solution

CERTFR-2021-AVI-054

Solution

CERTFR-2021-AVI-103

Solution

GHSA-V875-JF7G-HG8J

GSD-2021-21128

FKIE_CVE-2021-21128

CVE-2021-21128

Tags

Sightings

Nomenclature