CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3482 – exiv2: Heap-based buffer overflow in Jp2Image::readMetadata()
https://notcve.org/view.php?id=CVE-2021-3482
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data. Se encontró un fallo en Exiv2 en versiones anteriores e incluyendo 0.27.4-RC1. Una comprobación inapropiada de la entrada de la propiedad rawData.size en la función Jp2Image::readMetadata() en el archivo jp2image.cpp puede conllevar a un desbordamiento del búfer en la región stack de la memoria por medio de una imagen JPG diseñada que contiene datos EXIF ??maliciosos A flaw was found in Exiv2. • https://bugzilla.redhat.com/show_bug.cgi?id=1946314 https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN https://www.debian.org/security/2021/dsa-4958 https://access.redhat.com/security/cve/CVE-2021-3482 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2021-29154 – kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
https://notcve.org/view.php?id=CVE-2021-29154
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. Los compiladores BPF JIT en el kernel de Linux hasta la versión 5.11.12 tienen un cálculo incorrecto de los desplazamientos de rama, lo que les permite ejecutar código arbitrario dentro del contexto del kernel. Esto afecta a arch/x86/net/bpf_jit_comp.c y arch/x86/net/bpf_jit_comp32.c A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. • http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26f55a59dc65ff77cd1c4b37991e26497fc68049 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4d4d456436bfb2fe412ee2cd489f7658449b098 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-anno • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1405 – Clam AntiVirus (ClamAV) PDF Parser Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-1405
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de correo electrónico del software Clam AntiVirus (ClamAV) versión 0.103.1 y todas las versiones anteriores podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio en un dispositivo afectado. • https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html https://security.gentoo.org/glsa/202104-07 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-909: Missing Initialization of Resource •
CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20221 – qemu: out-of-bound heap buffer access via an interrupt ID field
https://notcve.org/view.php?id=CVE-2021-20221
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. Se encontró un problema de acceso al búfer de pila fuera de límites en el emulador ARM Generic Interrupt Controller de QEMU hasta e incluyendo qemu versión 4.2.0 en la plataforma aarch64. • http://www.openwall.com/lists/oss-security/2021/02/05/1 https://bugzilla.redhat.com/show_bug.cgi?id=1924601 https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.netapp.com/advisory/ntap-20210708-0005 https://access.redhat.com/security/cve/CVE-2021-20221 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36311
https://notcve.org/view.php?id=CVE-2020-36311
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. Se detectó un problema en el kernel de Linux versiones anteriores a 5.9. El archivo arch/x86/kvm/svm/sev.c permite a atacantes causar una denegación de servicio (bloqueo suave) al desencadenar la destrucción de una SEV VM grande (que requiere anular el registro de muchas regiones cifradas), también se conoce como CID-7be74942f184 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7be74942f184fdfba34ddd19a0d995deb34d4a03 https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html https://www.debian.org/security/2021/dsa-4941 •