CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3802 – udisks2: insecure defaults in user-accessible mount helpers allow for a DoS
https://notcve.org/view.php?id=CVE-2021-3802
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en udisks2. Este fallo permite a un atacante introducir un archivo de imagen/USB especialmente diseñado, conllevando a un pánico del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=2003649 https://lists.debian.org/debian-lts-announce/2023/04/msg00009.html https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt https://access.redhat.com/security/cve/CVE-2021-3802 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3935
https://notcve.org/view.php?id=CVE-2021-3935
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. Cuando PgBouncer está configurado para usar la autenticación "cert", un atacante de tipo "man-in-the-middle" puede inyectar consultas SQL arbitrarias cuando se establece una conexión por primera vez, a pesar del uso de la verificación y el cifrado de certificados TLS. Este fallo afecta a PgBouncer versiones anteriores a 1.16.1 • http://www.pgbouncer.org/changelog.html#pgbouncer-116x https://bugzilla.redhat.com/show_bug.cgi?id=2021251 https://lists.debian.org/debian-lts-announce/2022/02/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-3941
https://notcve.org/view.php?id=CVE-2021-3941
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. En la rutina RGBtoXYZ() del archivo ImfChromaticities.cpp, se presentan algunas operaciones de división como "float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;" y "chroma.green.y * (X + Z)) / d;" pero no es comprobado que el divisor tenga un valor 0. Un archivo especialmente diseñado podría desencadenar una condición de división por cero que podría afectar a la disponibilidad de los programas enlazados con OpenEXR • https://bugzilla.redhat.com/show_bug.cgi?id=2019789 https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN https://security.gentoo.org/glsa/202210-31 https://www.debian.org/security/2022/dsa-5299 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3717 – wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
https://notcve.org/view.php?id=CVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. Se ha encontrado un fallo en Wildfly. • https://bugzilla.redhat.com/show_bug.cgi?id=1991305 https://security.netapp.com/advisory/ntap-20220804-0002 https://access.redhat.com/security/cve/CVE-2021-3717 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2021-3629 – undertow: potential security issue in flow control over HTTP/2 may lead to DOS
https://notcve.org/view.php?id=CVE-2021-3629
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. Se ha encontrado un fallo en Undertow. • https://bugzilla.redhat.com/show_bug.cgi?id=1977362 https://security.netapp.com/advisory/ntap-20220729-0008 https://access.redhat.com/security/cve/CVE-2021-3629 • CWE-400: Uncontrolled Resource Consumption •