Chromium: CVE-2021-37966 Inappropriate implementation in Compositing

Chromium: CVE-2021-37965 Inappropriate implementation in Background Fetch API

Chromium: CVE-2021-37964 Inappropriate implementation in ChromeOS Networking

Chromium: CVE-2021-37963 Side-channel information leakage in DevTools

Chromium: CVE-2021-37962 Use after free in Performance Manager

Chromium: CVE-2021-37961 Use after free in Tab Strip

Chromium: CVE-2021-37960 Inappropriate implementation in Blink graphics

Chromium: CVE-2021-37959 Use after free in Task Manager

Chromium: CVE-2021-37958 Inappropriate implementation in Navigation

Chromium: CVE-2021-37957 Use after free in WebGPU

Chromium: CVE-2021-37956 Use after free in Offline use

An internal reference count is held on the buffer pool incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing a use-after-free can be constructed on the wl_shm_pool tracking structure where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

Heap-based Buffer Overflow in vim/vim

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions

Heap-based Buffer Overflow in vim/vim

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.