CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 3CVE-2021-45417 – aide: heap-based buffer overflow on outputs larger than B64_BUF
https://notcve.org/view.php?id=CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. AIDE versiones anteriores a 0.17.4, permite a usuarios locales obtener privilegios de root por medio de metadatos de archivo diseñados (como atributos extendidos de XFS o ACLs de tmpfs), debido a un desbordamiento de búfer en la región heap de la memoria A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL. • http://www.openwall.com/lists/oss-security/2022/01/20/3 https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html https://security.gentoo.org/glsa/202311-07 https://www.debian.org/security/2022/dsa-5051 https://www.ipi.fi/pipermail/aide/2022-January/001713.html https://www.openwall.com/lists/oss-security/2022/01/20/3 https://access.redhat.com/security/cve/CVE-2021-45417 https://bugzilla.redhat.com/show_bug.cgi?id=2041489 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 15%CPEs: 72EXPL: 0CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. • http://www.openwall.com/lists/oss-security/2022/01/18/3 https://access.redhat.com/security/cve/CVE-2021-4104 https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033 https://security.gentoo.org/glsa/202209-02 https://security.gentoo.org/glsa/202310-16 https://security.gentoo.org/glsa/202312-02 https://security.gentoo.org/glsa/202312-04 https://security.netapp.com/advisory/ntap-20211223-0007 https&# • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-3941
https://notcve.org/view.php?id=CVE-2021-3941
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;" y "chroma.green.y * (X + Z)) / d;" pero no es comprobado que el divisor tenga un valor 0. Un archivo especialmente diseñado podría desencadenar una condición de división por cero que podría afectar a la disponibilidad de los programas enlazados con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3717 – wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
https://notcve.org/view.php?id=CVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. Se ha encontrado un fallo en Wildfly. • https://bugzilla.redhat.com/show_bug.cgi?id=1991305 https://security.netapp.com/advisory/ntap-20220804-0002 https://access.redhat.com/security/cve/CVE-2021-3717 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2021-3629 – undertow: potential security issue in flow control over HTTP/2 may lead to DOS
https://notcve.org/view.php?id=CVE-2021-3629
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. Se ha encontrado un fallo en Undertow. • https://bugzilla.redhat.com/show_bug.cgi?id=1977362 https://security.netapp.com/advisory/ntap-20220729-0008 https://access.redhat.com/security/cve/CVE-2021-3629 • CWE-400: Uncontrolled Resource Consumption •