CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-46142 – Debian Security Advisory 5063-1
https://notcve.org/view.php?id=CVE-2021-46142
06 Jan 2022 — An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. Se ha detectado un problema en uriparser versiones anteriores a 0.9.6. Lleva a cabo operaciones libres no válidas en uriNormalizeSyntax. Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers (URIs), which may result in denial of service or potentially in the the execution of arbitrary code. • https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2021-41817 – ruby: Regular expression denial of service vulnerability of Date parsing methods
https://notcve.org/view.php?id=CVE-2021-41817
01 Jan 2022 — Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresión regular de denegación de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during... • https://hackerone.com/reports/1254844 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2021-41819 – ruby: Cookie prefix spoofing in CGI::Cookie.parse
https://notcve.org/view.php?id=CVE-2021-41819
01 Jan 2022 — CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CGI::Cookie.parse en Ruby versiones hasta 2.6.8, maneja inapropiadamente los prefijos de seguridad en los nombres de las cookies. Esto también afecta a CGI gem versiones hasta 0.3.0 para Ruby. A flaw was found in Ruby. • https://hackerone.com/reports/910552 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 1CVE-2021-4166 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4166
25 Dec 2021 — vim is vulnerable to Out-of-bounds Read vim es vulnerable a una Lectura Fuera de Límites It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the... • http://seclists.org/fulldisclosure/2022/Jul/14 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-25321 – arpwatch: Local privilege escalation from runtime user to root
https://notcve.org/view.php?id=CVE-2021-25321
30 Jun 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9... • https://bugzilla.suse.com/show_bug.cgi?id=1186240 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25322 – python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
https://notcve.org/view.php?id=CVE-2021-25322
10 Jun 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. Una vulnerabilidad de seguimiento de enlaces simbólicos UNIX (Symlink) en python-HyperKitty de openSUSE Leap 15.2, Factory permite a ataca... • https://bugzilla.suse.com/show_bug.cgi?id=1182373 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31997 – python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root
https://notcve.org/view.php?id=CVE-2021-31997
10 Jun 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. Una vulnerabilidad de enlace simbólico de UNIX (Symlink) en python-postorius de openSUSE Leap 15.2, Factory permite a los atacantes locales escalar de... • https://bugzilla.suse.com/show_bug.cgi?id=1182407 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-25317 – cups: ownership of /var/log/cups allows the lp user to create files as root
https://notcve.org/view.php?id=CVE-2021-25317
05 May 2021 — A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar... • https://bugzilla.suse.com/show_bug.cgi?id=1184161 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25319 – virtualbox: missing sticky bit for /etc/vbox allows local root exploit for members of vboxusers group
https://notcve.org/view.php?id=CVE-2021-25319
05 May 2021 — A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factory virtualbox version 6.1.20-1.1 and prior versions. Una vulnerabilidad de permisos predeterminados incorrectos en el paquete de virtualbox de openSUSE Factory, permite a atacantes locales en el grupo de vboxusers escalar a root. Este problema afecta a: openSUSE Factory virtualbox versión 6.1.20-1.1 y versi... • https://bugzilla.suse.com/show_bug.cgi?id=1182918 • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2019-3681 – osc: stores downloaded (supposed) RPM in network-controlled filesystem paths
https://notcve.org/view.php?id=CVE-2019-3681
29 Jun 2020 — A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development ... • https://bugzilla.suse.com/show_bug.cgi?id=1122675 • CWE-73: External Control of File Name or Path •