CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43414
https://notcve.org/view.php?id=CVE-2021-43414
07 Nov 2021 — An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. Se ha detectado un problema en GNU Hurd versiones anteriores a 0.9 20210404-9. El uso de un protocolo de autenticación en el servidor proc es vulnerable a unos ataques de tipo man-in-the-middle, que pueden ser explotados para la escalada de privilegios local para conseguir... • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43411
https://notcve.org/view.php?id=CVE-2021-43411
07 Nov 2021 — An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access. Se ha detectado un problema en GNU Hurd versiones anteriores a 0.9 20210404-9. Cuando se intenta ejecutar un ejecutable setuid, se presenta una ventana de tiempo cuando el proceso ya presenta los nuevos privile... • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-43396
https://notcve.org/view.php?id=CVE-2021-43396
04 Nov 2021 — In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to t... • https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42097 – mailman: CSRF token bypass allows to perform CSRF attacks and account takeover
https://notcve.org/view.php?id=CVE-2021-42097
21 Oct 2021 — GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). GNU Mailman versiones anteriores a 2.1.35, puede permitir una escalada de privilegios remota. Un valor csrf_token no es específico de una sola cuenta de usuario. • http://www.openwall.com/lists/oss-security/2021/10/21/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42096 – mailman: CSRF token derived from admin password allows offline brute-force attack
https://notcve.org/view.php?id=CVE-2021-42096
21 Oct 2021 — GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. GNU Mailman versiones anteriores a 2.1.35, puede permitir una Escalada de Privilegios remota. Un determinado valor de csrf_token es derivado de la contraseña del administrador, y puede ser útil para llevar a cabo un ataque de fuerza bruta contra esa contraseña Sensitive information is exposed to unprivilege... • http://www.openwall.com/lists/oss-security/2021/10/21/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39525
https://notcve.org/view.php?id=CVE-2021-39525
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. Se ha detectado un problema en libredwg versiones hasta 0.10.1.3751. La función bit_read_fixed() en el archivo bits.c presenta un desbordamiento de búfer en la región heap de la memoria • https://github.com/LibreDWG/libredwg/issues/261 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39523
https://notcve.org/view.php?id=CVE-2021-39523
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. Se ha detectado un problema en libredwg versiones hasta 0.10.1.3751. Se presenta una desreferencia de puntero NULL en la función check_POLYLINE_handles() ubicada en el archivo decode.c. • https://github.com/LibreDWG/libredwg/issues/251 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39527
https://notcve.org/view.php?id=CVE-2021-39527
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. Se ha detectado un problema en libredwg versiones hasta 0.10.1.3751. La función appinfo_private() en el archivo decode.c presenta un desbordamiento del búfer en la región heap de la memoria • https://github.com/LibreDWG/libredwg/issues/252 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39528
https://notcve.org/view.php?id=CVE-2021-39528
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. Se ha detectado un problema en libredwg versiones hasta 0.10.1.3751. La función dwg_free_MATERIAL_private() en el archivo dwg.spec presenta una doble liberación • https://github.com/LibreDWG/libredwg/issues/256 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39530
https://notcve.org/view.php?id=CVE-2021-39530
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. Se ha detectado un problema en libredwg versiones hasta 0.10.1.3751. La función bit_wcs2nlen() en el archivo bits.c presenta un desbordamiento del búfer en la región heap de la memoria • https://github.com/LibreDWG/libredwg/issues/258 • CWE-787: Out-of-bounds Write •