CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29770
https://notcve.org/view.php?id=CVE-2021-29770
26 Jul 2021 — IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771. IBM i2 Analyst's Notebook Premium (IBM i2 Analyze versiones 4.3.0, 4.3.1 y 4.3.2) podría permitir a un usuario autenticado llevar a cabo acciones no autorizadas debido a una comprobación de entrada peligrosa. IBM X-Force ID: 202771 • https://exchange.xforce.ibmcloud.com/vulnerabilities/202771 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29769
https://notcve.org/view.php?id=CVE-2021-29769
26 Jul 2021 — IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 202769. IBM i2 Analyst's Notebook Premium (IBM i2 Analyze versiones 4.3.0, 4.3.1 y 4.3.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/202769 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29766
https://notcve.org/view.php?id=CVE-2021-29766
26 Jul 2021 — IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680. IBM i2 Analyst's Notebook Premium (IBM i2 Analyze versiones 4.3.0, 4.3.1 y 4.3.2) podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/202680 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20430
https://notcve.org/view.php?id=CVE-2021-20430
26 Jul 2021 — IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341. IBM i2 Analyst's Notebook Premium (IBM i2 Analyze versiones 4.3.0, 4.3.1 y 4.3.2) podría permitir a un atacante remoto obtener información confidencial cuando se devuelve un mensaje de error técnico detallado en e... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196341 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.9EPSS: 0%CPEs: 9EXPL: 1CVE-2021-3573 – kernel: use-after-free in function hci_sock_bound_ioctl()
https://notcve.org/view.php?id=CVE-2021-3573
21 Jul 2021 — A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. Se detec... • http://www.openwall.com/lists/oss-security/2023/07/02/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-37159 – kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
https://notcve.org/view.php?id=CVE-2021-37159
21 Jul 2021 — hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. la función hso_free_net_device en el archivo drivers/net/usb/hso.c en el kernel de Linux versiones hasta 5.13.4 llama a unregister_netdev sin comprobar el estado NETREG_REGISTERED, conllevando a un uso de memoria previamente liberada y un double free A flaw use-after-free in the Linux kernel USB High Speed Mob... • https://bugzilla.suse.com/show_bug.cgi?id=1188601 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 20EXPL: 7CVE-2021-33909 – kernel: size_t-to-int conversion vulnerability in the filesystem layer
https://notcve.org/view.php?id=CVE-2021-33909
20 Jul 2021 — fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Un archivo fs/seq_file.c en el kernel de Linux versiones 3.16 hasta 5.13.x anteriores a 5.13.4, no restringe apropiadamente las asignaciones de búferes seq, conllevando a un desbordamiento de enteros, una escritura fuera de límites y una escalada a root por parte de ... • https://packetstorm.news/files/id/163621 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3612 – kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
https://notcve.org/view.php?id=CVE-2021-3612
09 Jul 2021 — An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escritura en memoria fuera de límites en el kernel de Linux joystick devices subsystem en versiones ant... • https://bugzilla.redhat.com/show_bug.cgi?id=1974079 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 26EXPL: 19CVE-2021-22555 – Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
https://notcve.org/view.php?id=CVE-2021-22555
07 Jul 2021 — A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space En el archivo net/netfilter/x_tables.c se ha detectado una escritura fuera de límites en la pila que afecta a Linux desde la versión 2.6.19-rc1. Esto permite a un atacante alcanzar privilegios o causar una denegación de servicio (por medio de corrupción de la memoria de la pila) mediante el espa... • https://packetstorm.news/files/id/179985 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 1CVE-2020-28097
https://notcve.org/view.php?id=CVE-2020-28097
24 Jun 2021 — The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. El subsistema vgacon en el kernel de Linux versiones anteriores a 5.8.10, maneja inapropiadamente el desplazamiento de software. Se presenta una lectura fuera de límites en la función vgacon_scrolldelta, también se conoce como CID-973c096f6a85 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 • CWE-125: Out-of-bounds Read •