CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-39252 – ntfs-3g: Out-of-bounds read in ntfs_ie_lookup()
https://notcve.org/view.php?id=CVE-2021-39252
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una lectura fuera de los límites en la función ntfs_ie_lookup en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation flaw. When processing a crafted NTFS image there is an improper check which leads to an out of bounds read. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI https://security.gentoo.org/glsa/202301-01 https://www.debian.org/security/2021/dsa • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-39251 – ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open()
https://notcve.org/view.php?id=CVE-2021-39251
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar una desreferencia de puntero NULL en la función ntfs_extent_inode_open en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to an input validation attack. When processing a crafted NTFS image there is an improper check. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • http://www.openwall.com/lists/oss-security/2021/08/30/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 https://bugzilla.redhat.com/show_bug.cgi?id=2001649 https://github.com/tuxera/ntfs-3g/releases https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3 https://lists.f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 0CVE-2021-40490
https://notcve.org/view.php?id=CVE-2021-40490
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Se ha detectado una condición de carrera en la función ext4_write_inline_data_end en el archivo fs/ext4/inline.c en el subsistema ext4 en el kernel de Linux versiones hasta 5.13.13 • https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N https://security.netapp.com/adv • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33582 – cyrus-imapd: Denial of service via string hashing algorithm collisions
https://notcve.org/view.php?id=CVE-2021-33582
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. Cyrus IMAP versiones anteriores a 3.4.2, permite a atacantes remotos causar una denegación de servicio (cuelgue del demonio de varios minutos) por medio de una entrada manejada inapropiadamente durante la interacción de la tabla hash. Debido a que presenta muchas inserciones en un solo cubo, strcmp se vuelve lento. • https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released https://github.com/cyrusimap/cyrus-imapd/commits/master https://github.com/cyrusimap/cyrus-imapd/security/advisories https://lists.debian.org/debian-lts-announce/2022/06/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HEO3RURJW6NLIXS7NK5PVU6MGHC4SCM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 1CVE-2021-40085 – openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
https://notcve.org/view.php?id=CVE-2021-40085
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. Se ha detectado un problema en OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.2.1 y 18.x versiones anteriores a 18.1.1. Unos atacantes autenticados pueden reconfigurar dnsmasq por medio de un valor extra_dhcp_opts diseñado An input-validation flaw was found in openstack-neutron, where an authenticated attacker could change the dnsmasq configuration. By crafting extra_dhcp_opts values, the attacker could crash the dnsmasq, change parameters for tenants sharing the same interface, or otherwise alter that daemon’s behavior. • http://www.openwall.com/lists/oss-security/2021/08/31/2 https://launchpad.net/bugs/1939733 https://lists.debian.org/debian-lts-announce/2021/10/msg00005.html https://lists.debian.org/debian-lts-announce/2022/05/msg00038.html https://security.openstack.org/ossa/OSSA-2021-005.html https://www.debian.org/security/2021/dsa-4983 https://access.redhat.com/security/cve/CVE-2021-40085 https://bugzilla.redhat.com/show_bug.cgi?id=1998052 • CWE-20: Improper Input Validation •