CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-41133 – Sandbox bypass via recent VFS-manipulating syscalls
https://notcve.org/view.php?id=CVE-2021-41133
08 Oct 2021 — Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccom... • http://www.openwall.com/lists/oss-security/2021/10/26/9 • CWE-20: Improper Input Validation •
CVSS: 9.6EPSS: 83%CPEs: 3EXPL: 5CVE-2021-30632 – Google Chromium V8 Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-30632
08 Oct 2021 — Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de límites en V8 en Google Chrome versiones anteriores a 93.0.4577.82, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a c... • https://packetstorm.news/files/id/172845 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 62%CPEs: 6EXPL: 2CVE-2021-37975 – Google Chromium V8 Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-37975
08 Oct 2021 — Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en V8 en Google Chrome versiones anteriores a 94.0.4606.71, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information dis... • https://packetstorm.news/files/id/172847 • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28702 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28702
06 Oct 2021 — PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. ... • http://www.openwall.com/lists/oss-security/2021/10/07/2 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-41099 – Integer overflow issue with strings in Redis
https://notcve.org/view.php?id=CVE-2021-41099
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the ... • https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 1%CPEs: 13EXPL: 0CVE-2021-32762 – Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
https://notcve.org/view.php?id=CVE-2021-32762
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern system... • https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2021-32687 – Integer overflow issue with intsets in Redis
https://notcve.org/view.php?id=CVE-2021-32687
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additi... • https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 13EXPL: 0CVE-2021-32675 – DoS vulnerability in Redis
https://notcve.org/view.php?id=CVE-2021-32675
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication re... • https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2021-32672 – Vulnerability in Lua Debugger in Redis
https://notcve.org/view.php?id=CVE-2021-32672
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. Redis es una base de datos en memoria de código abierto que persiste en el disco. • https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-32627 – Integer overflow issue with Streams in Redis
https://notcve.org/view.php?id=CVE-2021-32627
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional... • https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •