CVE-2021-3522
https://notcve.org/view.php?id=CVE-2021-3522
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. GStreamer versiones anteriores a 1.18.4, puede llevar a cabo una lectura fuera de límites al manejar determinadas etiquetas ID3v2 • https://bugzilla.redhat.com/show_bug.cgi?id=1954761 https://security.gentoo.org/glsa/202208-31 https://security.netapp.com/advisory/ntap-20211022-0004 https://www.oracle.com/security-alerts/cpuoct2021.html • CWE-125: Out-of-bounds Read •
CVE-2021-28164 – Jetty 9.4.37.v20210219 - Information Disclosure
https://notcve.org/view.php?id=CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. En Eclipse Jetty versiones 9.4.37.v20210219 hasta 9.4.38.v20210224, el modo de cumplimiento predeterminado permite a unas peticiones con URI que contienen segmentos %2e o %2e%2e acceder a recursos protegidos dentro del directorio WEB-INF. Por ejemplo, una petición a /context/%2e/WEB-INF/web.xml puede recuperar el archivo web.xml. • https://www.exploit-db.com/exploits/50438 http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5 https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6% • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVE-2021-28163 – jetty: Symlink directory exposes webapp directory contents
https://notcve.org/view.php?id=CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. En Eclipse Jetty versiones 9.4.32 hasta 9.4.38, versiones 10.0.0.beta2 hasta 10.0.1 y versiones 11.0.0.beta2 hasta 11.0.1, si un usuario usa un directorio de aplicaciones web que es un enlace simbólico, el contenido del directorio de aplicaciones web se implementa como una aplicación web estática, sin darse cuenta, sirviendo las aplicaciones web en sí y cualquier otra cosa que pueda estar en ese directorio. If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality. • https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-27223 – jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
https://notcve.org/view.php?id=CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. En Eclipse Jetty versiones 9.4.6.v20170531 hasta 9.4.36.v20210114 (inclusive), versiones 10.0.0 y 11.0.0, cuando Jetty maneja una petición que contiene múltiples encabezados Accept con una gran cantidad de parámetros “quality” (es decir, q), el servidor puede entrar en un estado de denegación de servicio (DoS) debido al alto uso de CPU procesando esos valores de calidad, resultando en minutos de tiempo de CPU agotados procesando esos valores de calidad • https://github.com/motikan2010/CVE-2020-27223 https://github.com/ttestoo/Jetty-CVE-2020-27223 https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128 https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7 https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cacb235995576f5bea78%40%3Cissues.solr.apache.org%3E https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42cdc272f3176e473320%40%3Cusers.solr.apache.org%3E https://lists.apache.org/thread.html/r0b639bd9bfaea2650221 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVE-2020-14664 – Oracle Java Runtime Environment HTML Rendering Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14664
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • https://security.gentoo.org/glsa/202209-15 https://security.netapp.com/advisory/ntap-20200717-0005 https://www.oracle.com/security-alerts/cpujul2020.html https://www.zerodayinitiative.com/advisories/ZDI-20-897 •