CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20286
https://notcve.org/view.php?id=CVE-2021-20286
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service. Se encontró un fallo en libnbd versión 1.7.3. Un error de aserción en la función nbd_unlocked_opt_go en la biblioteca ilb/opt.c puede causar una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1934727 https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 • CWE-617: Reachable Assertion •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2021-20179 – pki-core: Unprivileged users can renew any certificate
https://notcve.org/view.php?id=CVE-2021-20179
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en pki-core. Un atacante que haya comprometido con éxito una clave podría usar este fallo para renovar el certificado correspondiente una y otra vez, siempre que no se revoque explícitamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1914379 https://github.com/dogtagpki/pki/pull/3474 https://github.com/dogtagpki/pki/pull/3475 https://github.com/dogtagpki/pki/pull/3476 https://github.com/dogtagpki/pki/pull/3477 https://github.com/dogtagpki/pki/pull/3478 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20232 – gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c
https://notcve.org/view.php?id=CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en la función client_send_params en la biblioteca lib/ext/pre_shared_key.c puede conllevar a una corrupción en la memoria y otras potenciales consecuencias A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922275 https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E https://lists.apach • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2021-20231 – gnutls: Use after free in client key_share extension
https://notcve.org/view.php?id=CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en el cliente que envía la extensión key_share puede conllevar a una corrupción de la memoria y otras consecuencias A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922276 https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E https://lists.apach • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20261
https://notcve.org/view.php?id=CVE-2021-20261
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw. Se encontró una condición de carrera en la implementación del kernel de Linux del software manejador del controlador de la unidad de disquete. • https://bugzilla.redhat.com/show_bug.cgi?id=1932150 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •