CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 2CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
21 Jul 2021 — libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' whic... • https://github.com/Trinadh465/external_curl_AOSP10_r33_CVE-2021-22924 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3612 – kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
https://notcve.org/view.php?id=CVE-2021-3612
09 Jul 2021 — An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escritura en memoria fuera de límites en el kernel de Linux joystick devices subsystem en versiones ant... • https://bugzilla.redhat.com/show_bug.cgi?id=1974079 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 1CVE-2021-22897
https://notcve.org/view.php?id=CVE-2021-22897
11 Jun 2021 — curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transpo... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-668: Exposure of Resource to Wrong Sphere CWE-840: Business Logic Errors •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 2CVE-2019-25045
https://notcve.org/view.php?id=CVE-2019-25045
07 Jun 2021 — An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.0.19. El subsistema XFRM presenta un uso de la memoria previamente liberada, relacionado con un pánico de la función xfrm_state_fini, también se conoce como CID-dbb2483b2a46 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-33200 – kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
https://notcve.org/view.php?id=CVE-2021-33200
27 May 2021 — kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.12.7, aplica límites inco... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0 • CWE-787: Out-of-bounds Write •
CVSS: 8.7EPSS: 0%CPEs: 22EXPL: 2CVE-2021-22543 – Improper memory handling in Linux KVM
https://notcve.org/view.php?id=CVE-2021-22543
26 May 2021 — An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Se detectó un problema en Linux: KVM mediante del manejo inapropiado de Los vmas VM_IO|VM_PFNMAP en KVM pueden omitir unas comprobaciones RO y puede conllevar a que las pági... • https://packetstorm.news/files/id/179984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 40EXPL: 2CVE-2021-22901 – curl: Use-after-free in TLS session handling when using OpenSSL TLS backend
https://notcve.org/view.php?id=CVE-2021-22901
26 May 2021 — curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the conne... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 1CVE-2021-33574 – glibc: mq_notify does not handle separately allocated thread attributes
https://notcve.org/view.php?id=CVE-2021-33574
25 May 2021 — The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. La función mq_notify de la Biblioteca C de GNU (también conocida como glibc) versiones 2.32 y 2.33 tiene un use-after-free. Puede utilizar el objeto de atributos del hilo de notificac... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 1CVE-2019-25044
https://notcve.org/view.php?id=CVE-2019-25044
14 May 2021 — The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. El block subsystem en el kernel de Linux versiones anteriores a 5.2 presenta un uso de la memoria previamente liberada que puede conllevar a una ejecución de código arbitrario en el contexto del kernel y una escalada de privilegios, también se conoce como CID-c3e2219216... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 19EXPL: 2CVE-2021-32399 – kernel: race condition for removal of the HCI controller
https://notcve.org/view.php?id=CVE-2021-32399
10 May 2021 — net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. El archivo net/bluetooth/hci_request.c en el kernel de Linux versiones hasta 5.12.2, presenta una condición de carrera para la eliminación del controlador HCI A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation.... • https://github.com/nanopathi/linux-4.19.72_CVE-2021-32399 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •