CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29648
https://notcve.org/view.php?id=CVE-2021-29648
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El subsistema BPF no considera adecuada... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29649 – Ubuntu Security Notice USN-4948-1
https://notcve.org/view.php?id=CVE-2021-29649
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El controlador de modo de usuario (UMD) tiene una fuga de memoria copy_process(), relacionada con una falta de pasos de limpieza en kernel/usermode_driver.c y kernel/bpf/pre... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29650 – kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
https://notcve.org/view.php?id=CVE-2021-29650
30 Mar 2021 — An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. Se ha descubierto un problema en el kernel de Linux en versiones anteriores a la 5.11.11. El subsistema netfilter permite a los atacantes causar una denegación de servicio (panic) porque net/netfilter/x_tables.c... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.11 • CWE-662: Improper Synchronization •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-29424
https://notcve.org/view.php?id=CVE-2021-29424
29 Mar 2021 — The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. El módulo Net::Netmask versiones anteriores a 2.0000 para Perl no considera apropiadamente los caracteres cero extraños al comienzo de una cadena de dirección IP, lo que (en algunas situaciones) permite a atacantes omitir el control de acceso basado en direcciones IP • https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-29623 – webkitgtk: User may be unable to fully delete browsing history
https://notcve.org/view.php?id=CVE-2020-29623
28 Mar 2021 — "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. "Clear History and Website Data" no borró el historial. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ • CWE-459: Incomplete Cleanup •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 1CVE-2021-22876 – curl: Leak of authentication credentials in URL via automatic Referer
https://notcve.org/view.php?id=CVE-2021-22876
28 Mar 2021 — curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. curl versiones 7.1.1 hasta 7.75.0 incluyéndola, es vulnerable a una "Exposure of... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 1CVE-2021-22890 – curl: TLS 1.3 session ticket mix-up with HTTPS proxy host
https://notcve.org/view.php?id=CVE-2021-22890
28 Mar 2021 — curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the serve... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-290: Authentication Bypass by Spoofing CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2021-20271 – rpm: Signature checks bypass via corrupted rpm package
https://notcve.org/view.php?id=CVE-2021-20271
26 Mar 2021 — A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. Se detectó un fallo en la funcionalidad de comprobación de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un ... • https://bugzilla.redhat.com/show_bug.cgi?id=1934125 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2020-1946 – Apache SpamAssassin has an OS Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2020-1946
25 Mar 2021 — In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. En Apache SpamAssassin anterior a versión 3.4.5, los archivos de configuración de reglas maliciosas (.cf) se pueden configurar para ejecutar comandos del sistema sin ningún ... • https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3466 – Gentoo Linux Security Advisory 202311-08
https://notcve.org/view.php?id=CVE-2021-3466
25 Mar 2021 — A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. Se ha encontrado un fallo en libmicrohttpd. • https://bugzilla.redhat.com/show_bug.cgi?id=1939127 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •