CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability is to data confidentiality and integrity. • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://security.gentoo.org/glsa/202209-16 https://security.netapp.com/advisory/ntap-20210716-0002 https://www.debian.org/security/2021/dsa-4951 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html https://access.redhat.com/security/cve/CVE-2021& • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33833
https://notcve.org/view.php?id=CVE-2021-33833
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). ConnMan (también se conoce como Connection Manager) versiones 1.30 hasta 1.39, presenta un desbordamiento del búfer en la región stack de la memoria en el parámetro uncompress en el archivo dnsproxy.c por medio de NAME, RDATA o RDLENGTH (para A o AAAA) • http://www.openwall.com/lists/oss-security/2021/06/09/1 http://www.openwall.com/lists/oss-security/2022/01/25/1 https://lists.debian.org/debian-lts-announce/2022/02/msg00009.html https://lore.kernel.org/connman https://security.gentoo.org/glsa/202107-29 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 215EXPL: 0CVE-2020-24489 – hw: vt-d related privilege escalation
https://notcve.org/view.php?id=CVE-2020-24489
Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access. Una limpieza incompleta en algunos productos Intel® VT-d puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de un acceso local A flaw was found in Intel® VT-d products. Entries from the context cache on some types of context cache invalidations may not be properly invalidated which may allow an authenticated user to potentially enable escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html https://access.redhat.com/security/cve/CVE-2020-24489 https://bugzilla.redhat.com/show_bug.cgi?id=1962650 • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 0%CPEs: 72EXPL: 0CVE-2020-24513 – hw: information disclosure on some Intel Atom processors
https://notcve.org/view.php?id=CVE-2020-24513
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una vulnerabilidad en la ejecución transitoria de omisión de dominios en algunos procesadores Intel Atom® puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso local A potential domain bypass transient execution vulnerability was discovered on some Intel Atom® processors that uses a microarchitectural incidental channel. Currently this channel can reveal supervisor data in the L1 cache and the contents of recent stores. As a consequence, this issue may allow an authenticated user to potentially enable information disclosure via local access. • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html https://www.debian.org/security/2021/dsa-4934 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html https://access.redhat.com/security/cve/CVE-2020-24513 https://bugzilla.redhat.com/show_bug.cgi?id=1962666 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-33829
https://notcve.org/view.php?id=CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. Una vulnerabilidad de tipo cross-site scripting (XSS) en el Procesador de Datos HTML en CKEditor versiones 4 4.14.0 hasta 4.16.x versiones anteriores a 4.16.1, permite a atacantes remotos inyectar código JavaScript ejecutable mediante un comentario diseñado porque -!> No es manejado apropiadamente • https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •