CVE-2021-25682

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

Source: CVE-2021-25682

CVE-2021-25683

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

Source: CVE-2021-25683

CVE-2021-23393

This affects the package Flask-Unchained before 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using ‘autocorrect_location_header=False.

Source: CVE-2021-23393

CVE-2020-23323

There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.

Source: CVE-2020-23323

CVE-2021-26194

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.

Source: CVE-2021-26194

CVE-2021-26195

An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.

Source: CVE-2021-26195

CVE-2020-23313

There is an Assertion ‘scope_stack_p > context_p->scope_stack_p’ failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0

Source: CVE-2020-23313

CVE-2021-26198

An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.

Source: CVE-2021-26198

CVE-2021-26197

An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.

Source: CVE-2021-26197

CVE-2020-23322

There is an Assertion in ‘context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA’ in parser_parse_object_initializer in JerryScript 2.2.0.

Source: CVE-2020-23322