Rewterz Threat Advisory – Multiple Apache OpenOffice Vulnerabilities
October 8, 2021Rewterz Threat Advisory – ICS: Johnson Controls exacqVision Server Bundle
October 8, 2021Rewterz Threat Advisory – Multiple Apache OpenOffice Vulnerabilities
October 8, 2021Rewterz Threat Advisory – ICS: Johnson Controls exacqVision Server Bundle
October 8, 2021Severity
Medium
Analysis Summary
CVE-2021-22557
Google SLO-Generator could allow a remote attacker to execute arbitrary code on the system, caused by the loading of YAML files crafted in a specific format. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-37977
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Garbage Collection. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2021-37980
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Sandbox. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2021-37979
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by WebRTC. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-37978
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by Blink. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Impact
- Code Execution
- Security Bypass
- Buffer Overflow
Affected Vendors
Affected Products
- Google SLO-Generator 2.0.0
- Google Chrome 94
Remediation
Refer to Google Advisory for patch, upgrade, or suggested workaround information.
CVE-2021-22557