CVE-2021-41183 – XSS in `*Text` options of the Datepicker widget
https://notcve.org/view.php?id=CVE-2021-41183
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. • https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released https://bugs.jqueryui.com/ticket/15284 https://github.com/jquery/jquery-ui/pull/1953 https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3 https://list • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-42327
https://notcve.org/view.php?id=CVE-2021-42327
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. la función dp_link_settings_write en el archivo drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c en el kernel de Linux versiones hasta 5.14.14, permite un desbordamiento de búfer en la región heap de la memoria por parte de un atacante que puede escribir una cadena en el sistema de archivos de depuración de los controladores de la GPU AMD. No se presentan comprobaciones de tamaño dentro de parse_write_buffer_into_params cuando usa el tamaño de copy_from_user para copiar un buffer de espacio de usuario en un buffer de pila de 40 bytes • https://github.com/docfate111/CVE-2021-42327 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7 https://security.netapp.com/advisory/ntap-20211118-0005 https://www.mail-archive.com/amd-gfx • CWE-787: Out-of-bounds Write •
CVE-2021-34866 – Linux Kernel eBPF Type Confusion Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34866
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://security.netapp.com/advisory/ntap-20220217-0008 https://www.zerodayinitiative.com/advisories/ZDI-21-1148 https://access.redhat.com/security/cve/CVE-2021-34866 https://bugzilla.redhat.com/show_bug.cgi?id=2000457 • CWE-697: Incorrect Comparison CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-42252
https://notcve.org/view.php?id=CVE-2021-42252
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. Se ha detectado un problema en la función aspeed_lpc_ctrl_mmap en el archivo drivers/soc/aspeed/aspeed-lpc-ctrl.c en el kernel de Linux versiones anteriores a 5.14.6. Unos atacantes locales capaces de acceder a la interfaz de control de Aspeed LPC podrían sobrescribir memoria en el kernel y potencialmente ejecutar privilegios, también se conoce como CID-b49a0e69a7b1. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b49a0e69a7b1a68c8d3f64097d06dabb770fec96 https://security.netapp.com/advisory/ntap-20211112-0006 •
CVE-2021-42008
https://notcve.org/view.php?id=CVE-2021-42008
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. La función decode_data en el archivo drivers/net/hamradio/6pack.c en el kernel de Linux versiones anteriores a 5.13.13, presenta una escritura fuera de límites. La entrada desde un proceso que tiene la capacidad CAP_NET_ADMIN puede conllevar a un acceso de root • https://github.com/0xdevil/CVE-2021-42008 https://github.com/numanturle/CVE-2021-42008 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793 https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20211104-0002 https://www.youtube.com/watch?v=d5f9xLK8Vhw • CWE-787: Out-of-bounds Write •