Page 15 of 136 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 49EXPL: 0

CVE-2021-22118 – spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application

https://notcve.org/view.php?id=CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. En Spring Framework, versiones 5.2.x anteriores a 5.2.15 y versiones 5.3.x anteriores a 5.3.7, una aplicación WebFlux es vulnerable a una escalada de privilegios: al (re)crear el directorio de almacenamiento temporal, un usuario malicioso autenticado localmente puede leer o modificar archivos que han sido subidos a la aplicación WebFlux, o sobrescribir archivos arbitrarios con petición de datos de múltiples partes • https://security.netapp.com/advisory/ntap-20210713-0005 https://tanzu.vmware.com/security/cve-2021-22118 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-22118 https://bugzilla.redhat.com/show_bug.cgi?id=1974854 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2021-3520 – lz4: memory corruption due to an integer overflow bug caused by memmove argument

https://notcve.org/view.php?id=CVE-2021-3520

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. Se presenta un fallo en lz4. Un atacante que envíe un archivo diseñado hacia una aplicación enlazada con lz4 puede ser capaz de desencadenar un desbordamiento de enteros, conllevando una llamada de la función memmove() con un argumento de tamaño negativo, causando una escritura fuera de límites y/o un bloqueo. • https://bugzilla.redhat.com/show_bug.cgi?id=1954559 https://security.netapp.com/advisory/ntap-20211104-0005 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-3520 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2

CVE-2021-28170 – jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate

https://notcve.org/view.php?id=CVE-2021-28170

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. En la implementación de Jakarta Expression Language versiones 3.0.3 y anteriores, un bug en la función ELParserTokenManager permite que las expresiones EL no válidas sean evaluadas como si fueran válidas • https://github.com/eclipse-ee4j/el-ri/issues/155 https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-28170 https://bugzilla.redhat.com/show_bug.cgi?id=1965497 • CWE-20: Improper Input Validation CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

CVE-2021-3200 – libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c

https://notcve.org/view.php?id=CVE-2021-3200

Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp function at src/testcase.c: line 2334, which could cause a denial of service Una vulnerabilidad de desbordamiento de búfer en libsolv versiones hasta el 13-12-2020 por medio de la función Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp en el archivo src/testcase.c: línea 2334, que podría causar una denegación de servicio A flaw was found in libsolv. A buffer overflow vulnerability could cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/416 https://github.com/yangjiageng/PoC/blob/master/libsolv-PoCs/PoC-testcase_read-2334 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-3200 https://bugzilla.redhat.com/show_bug.cgi?id=1962307 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 3

CVE-2020-28469 – Regular Expression Denial of Service (ReDoS)

https://notcve.org/view.php?id=CVE-2020-28469

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. Esto afecta al paquete glob-parent versiones anteriores a 5.1.2. La regex de enclosure usada para comprobar las cadenas que terminan en enclosure conteniendo el separador de ruta A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. • https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9 https://github.com/gulpjs/glob-parent/pull/36 https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092 https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-28469 https://bugzilla • CWE-400: Uncontrolled Resource Consumption •