Page 102 of 1215 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2021-22207

https://notcve.org/view.php?id=CVE-2021-22207

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file Un consumo excesivo de la memoria en el disector MS-WSP en Wireshark versiones 3.4.0 hasta 3.4.4 y versiones 3.2.0 hasta 3.2.12, permite una denegación de servicio por medio de una inyección de paquetes o archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json https://gitlab.com/wireshark/wireshark/-/issues/17331 https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD https://security.gentoo.org/glsa/202107-21 https://www.debian.o • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8EPSS: 96%CPEs: 6EXPL: 19

CVE-2021-22204 – ExifTool Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image Una neutralización inapropiada de los datos del usuario en el formato de archivo DjVu en ExifTool versiones 7.44 y posteriores, permite una ejecución de código arbitrario cuando se analiza la imagen maliciosa Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image • https://www.exploit-db.com/exploits/50911 https://github.com/convisolabs/CVE-2021-22204-exiftool https://github.com/AssassinUKG/CVE-2021-22204 https://github.com/se162xg/CVE-2021-22204 https://github.com/UNICORDev/exploit-CVE-2021-22204 https://github.com/bilkoh/POC-CVE-2021-22204 https://github.com/mr-tuhin/CVE-2021-22204-exiftool https://github.com/Akash7350/CVE-2021-22204 https://github.com/PenTestical/CVE-2021-22204 https://github.com/0xBruno/CVE-2021-22204 https: • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2021-31607

https://notcve.org/view.php?id=CVE-2021-31607

In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). En SaltStack Salt versiones 2016.9 hasta 3002.6, se presenta una vulnerabilidad de inyección de comando en el módulo snapper que permite una escalada local de privilegios en un minion. El ataque requiere que sea creado un archivo con un nombre de ruta respaldado por snapper, y que el maestro llame a la función snapper.diff (que ejecuta popen de manera no segura) • https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDKMAJXYFHM4USVX3H5V2GCCBGASWUSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-29470 – Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header

https://notcve.org/view.php?id=CVE-2021-29470

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. • https://github.com/Exiv2/exiv2/pull/1581 https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBKWLTXM7IKZ4PVGKLUQVAVFAYGGF7QR https://lists.fedoraproject.org/archives/list/package-a • CWE-125: Out-of-bounds Read •

CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0

CVE-2021-2196 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)

https://notcve.org/view.php?id=CVE-2021-2196

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJQRPXNDH6YHQLUSCS5VA7DAW32PN7N7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJVUTKKFQAWR7NURCQHQQ5JHTVYGEOYQ https://security.netapp.com/advisory/ntap-20210513-0002 https://www.oracle.com/security-alerts/cpuapr2021.html https://access.redhat.com/security/cve/CVE-2021-2196 https •