CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0CVE-2021-25214 – A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
https://notcve.org/view.php?id=CVE-2021-25214
29 Apr 2021 — In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. En BIND versiones 9.8.5 posteriores a 9.8.8, v... • http://www.openwall.com/lists/oss-security/2021/04/29/1 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 2%CPEs: 48EXPL: 0CVE-2021-25215 – An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
https://notcve.org/view.php?id=CVE-2021-25215
29 Apr 2021 — In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as... • http://www.openwall.com/lists/oss-security/2021/04/29/1 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 5%CPEs: 45EXPL: 0CVE-2021-25216 – A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
https://notcve.org/view.php?id=CVE-2021-25216
29 Apr 2021 — In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for... • http://www.openwall.com/lists/oss-security/2021/04/29/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
22 Apr 2021 — A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SO... • http://www.openwall.com/lists/oss-security/2021/05/10/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2021-3506 – Ubuntu Security Notice USN-5016-1
https://notcve.org/view.php?id=CVE-2021-3506
19 Apr 2021 — An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se encontró un fallo de acceso a la memoria fuera de límites (OOB) en el archivo fs/f2fs/node.c en el módulo f2fs en el kernel de Linux en versiones... • http://www.openwall.com/lists/oss-security/2021/05/08/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29154 – kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
https://notcve.org/view.php?id=CVE-2021-29154
08 Apr 2021 — BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Los compiladores BPF JIT en el kernel de Linux hasta la versión 5.11.12 tienen un cálculo incorrecto de los desplazamientos de rama, lo que les permite ejecutar código arbitrario dentro del contexto del kernel. Esto afecta a arch/x86/net/bpf_jit_comp.c y arch/x86... • http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-28660 – Ubuntu Security Notice USN-4945-2
https://notcve.org/view.php?id=CVE-2021-28660
17 Mar 2021 — rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. La función rtw_wx_set_scan en el archivo drivers/staging/rtl8188eu/os_dep/ioctl_linux.c en el kernel de Linux versi... • http://www.openwall.com/lists/oss-security/2022/11/18/1 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 1CVE-2020-27618 – glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop
https://notcve.org/view.php?id=CVE-2020-27618
26 Feb 2021 — The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. La función iconv en la biblioteca GNU C (también se conoce como glibc o libc6) versiones 2.32 y anteriores, cuando se procesa secuencias de entrada de ... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 3CVE-2020-27815 – Debian Security Advisory 4843-1
https://notcve.org/view.php?id=CVE-2020-27815
25 Feb 2021 — A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el código del sistema de archivos JFS en el Kernel de Linux que permite que un atacante local con la capacidad de establecer atributos extendidos para poner en pánico a... • https://github.com/Trinadh465/linux-4.19.72_CVE-2020-27815 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 4.5EPSS: 0%CPEs: 38EXPL: 0CVE-2020-35508 – kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
https://notcve.org/view.php?id=CVE-2020-35508
25 Feb 2021 — A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. Se ha encontrado una posibilidad de fallo de condición de carrera y de inicialización incorrecta del id del proceso en el manejo del id del proceso child/parent del kernel de Linux mientras se filtran los manejadore... • https://bugzilla.redhat.com/show_bug.cgi?id=1902724 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-665: Improper Initialization •