CVE-2021-3246 – libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-3246
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. A heap buffer overflow flaw was found in libsndfile. This flaw allows an attacker to execute arbitrary code via a crafted WAV file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
• https://github.com/libsndfile/libsndfile/issues/687
• https://lists.debian.org/debian-lts-announce/2021/07/msg00024.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUDCEMMPRA3IYYYHVZUOUZXI65FU37V
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7LNW4AVDVL3BU3N3KGVFLTYFASBVCIF
• https://security.gentoo.org/glsa/202309-11
• https://www.debian.org/security/2021/dsa-4947
• https://access.redhat.com/security/cve/CVE-2021-3246
• https:&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-787: Out-of-bounds Write
CVE-2021-36773
https://notcve.org/view.php?id=CVE-2021-36773
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
• https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
• https://lists.debian.org/debian-lts-announce/2022/06/msg00024.html
• https://news.ycombinator.com/item?id=27833752
• CWE-674: Uncontrolled Recursion
CVE-2021-32743 – Passwords used to access external services inadvertently exposed through API
https://notcve.org/view.php?id=CVE-2021-32743
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for external services expose those credentials through the API to authenticated API users with read permissions for the corresponding object types. IdoMysqlConnection and IdoPgsqlConnection (every released version) expose the password of the user used to connect to the database. IcingaDB (added in 2.12.0) exposes the password used to connect to the Redis server. ElasticsearchWriter (added in 2.8.0) exposes the password used to connect to the Elasticsearch server.
• https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
• https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10
• https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html
• CWE-202: Exposure of Sensitive Information Through Data Queries
CVE-2021-32739 – Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities
https://notcve.org/view.php?id=CVE-2021-32739
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-only user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga.
• https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
• https://icinga.com/blog/2021/07/02/releasing-icinga-2-12-5-2-11-10
• https://lists.debian.org/debian-lts-announce/2021/11/msg00010.html
• CWE-267: Privilege Defined With Unsafe Actions
• CWE-269: Improper Privilege Management
CVE-2021-22235
https://notcve.org/view.php?id=CVE-2021-22235
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file.
• https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json
• https://gitlab.com/wireshark/wireshark/-/issues/17462
• https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html
• https://security.gentoo.org/glsa/202210-04
• https://www.debian.org/security/2021/dsa-5019
• https://www.wireshark.org/security/wnpa-sec-2021-05.html
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')