CVE-2021-3700
https://notcve.org/view.php?id=CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la función usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando son serializados grandes cantidades de datos de escritura en búfer en el caso de un destino lento o bloqueado • https://bugzilla.redhat.com/show_bug.cgi?id=1992830 https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html • CWE-416: Use After Free •
CVE-2021-3596
https://notcve.org/view.php?id=CVE-2021-3596
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Se ha encontrado un fallo de desreferencia de puntero NULL en ImageMagick en versiones anteriores a 7.0.10-31 en la función ReadSVGImage() en el archivo coders/svg.c. Este problema es debido a que no es comprobado el valor de retorno de xmlCreatePushParserCtxt() de libxml2 y es usado el valor directamente, conllevando a un fallo de bloqueo y segmentación • https://bugzilla.redhat.com/show_bug.cgi?id=1970569 https://github.com/ImageMagick/ImageMagick/issues/2624 https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-476: NULL Pointer Dereference •
CVE-2021-3773 – kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients
https://notcve.org/view.php?id=CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Un fallo en netfilter podría permitir a un atacante conectado a la red inferir información del endpoint de la conexión openvpn para su posterior uso en ataques de red tradicionales • https://github.com/d0rb/CVE-2021-3773 https://bugzilla.redhat.com/show_bug.cgi?id=2004949 https://www.oracle.com/security-alerts/cpujul2022.html https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024 https://access.redhat.com/security/cve/CVE-2021-3773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-45417 – aide: heap-based buffer overflow on outputs larger than B64_BUF
https://notcve.org/view.php?id=CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. AIDE versiones anteriores a 0.17.4, permite a usuarios locales obtener privilegios de root por medio de metadatos de archivo diseñados (como atributos extendidos de XFS o ACLs de tmpfs), debido a un desbordamiento de búfer en la región heap de la memoria A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL. • http://www.openwall.com/lists/oss-security/2022/01/20/3 https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html https://security.gentoo.org/glsa/202311-07 https://www.debian.org/security/2022/dsa-5051 https://www.ipi.fi/pipermail/aide/2022-January/001713.html https://www.openwall.com/lists/oss-security/2022/01/20/3 https://access.redhat.com/security/cve/CVE-2021-45417 https://bugzilla.redhat.com/show_bug.cgi?id=2041489 • CWE-787: Out-of-bounds Write •
CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. • http://www.openwall.com/lists/oss-security/2022/01/18/3 https://access.redhat.com/security/cve/CVE-2021-4104 https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033 https://security.gentoo.org/glsa/202209-02 https://security.gentoo.org/glsa/202310-16 https://security.gentoo.org/glsa/202312-02 https://security.gentoo.org/glsa/202312-04 https://security.netapp.com/advisory/ntap-20211223-0007 https • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •