CVSS: 7.5EPSS: 8%CPEs: 50EXPL: 0CVE-2021-41991
https://notcve.org/view.php?id=CVE-2021-41991
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. La caché de certificados en memoria en strongSwan versiones anteriores a 5.9.4, presenta un desbordamiento de enteros remoto al recibir muchas peticiones con diferentes certificados para llenar la caché y posteriormente desencadenar la sustitución de las entradas de la caché. El código intenta seleccionar una entrada de caché menos usada mediante un generador de números aleatorios, pero esto no es realizado correctamente. • https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf https://github.com/strongswan/strongswan/releases/tag/5.9.4 https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mes • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33716
https://notcve.org/view.php?id=CVE-2021-33716
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. Se ha identificado una vulnerabilidad en SIMATIC CP 1543-1 (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.0), SIMATIC CP 1545-1 (Todas las versiones anteriores a V1.1). Un atacante con acceso a la subred del dispositivo afectado podría recuperar información sensible almacenada en texto claro • https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 1CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. libcurl mantiene las conexiones usadas previamente en un pool de conexiones para reusarlas en posteriores transferencias, si una de ellas coincide con la configuración. Debido a errores en la lógica, la función de coincidencia de la configuración no tenía en cuenta "issuercert" y comparaba las rutas implicadas *sin tener en cuenta el caso*, que podía conllevar a que libcurl reusara conexiones erróneas. Las rutas de los archivos son, o pueden ser, casos confidenciales en muchos sistemas, pero no en todos, y pueden incluso variar dependiendo de los sistemas de archivos usados. La comparación tampoco incluía el "issuercert" que una transferencia puede ajustar para calificar cómo verificar el certificado del servidor A flaw was found in libcurl in the way libcurl handles previously used connections without accounting for 'issuer cert' and comparing the involved paths case-insensitively. This flaw allows libcurl to use the wrong connection. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf https://hackerone.com/reports/1223565 https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0c • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2020-27827 – lldp/openvswitch: denial of service via externally triggered memory leak
https://notcve.org/view.php?id=CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causando una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D https://mail.openvswitch.org/pipermail/ovs-dev/2021&# • CWE-400: Uncontrolled Resource Consumption •