Page 2 of 46 results (0.009 seconds)

CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1

CVE-2022-23219 – glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname

https://notcve.org/view.php?id=CVE-2022-23219

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. La función de compatibilidad obsoleta clnt_create en el módulo sunrpc de la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, copia su argumento de nombre de host en la pila sin comprobar su longitud, que puede resultar en un desbordamiento de búfer, resultando potencialmente en una denegación de servicio o (si una aplicación no está construida con un protector de pila habilitado) la ejecución de código arbitrario A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clnt_create() in the sunrpc's clnt_gen.c module of the GNU C Library (aka glibc) through 2.34. This vulnerability copies its hostname argument onto the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) lead to arbitrary code execution. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security.gentoo.org/glsa/202208-24 https://sourceware.org/bugzilla/show_bug.cgi?id=22542 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23219 https://bugzilla.redhat.com/show_bug.cgi?id=2042017 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.9EPSS: 96%CPEs: 213EXPL: 7

CVE-2021-45105 – Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

https://notcve.org/view.php?id=CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no protegían de la recursión no controlada de las búsquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegación de servicio cuando es interpretada una cadena diseñada. • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 https://github.com/tejas-nagchandi/CVE-2021-45105 https://github.com/pravin-pp/log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1 https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105 https://github.com/dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105-v htt • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2

CVE-2021-43396

https://notcve.org/view.php?id=CVE-2021-43396

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug. ** EN DISPUTA ** En el archivo iconvdata/iso-2022-jp-3.c de la Biblioteca C de GNU (también conocida como glibc) 2.34, los atacantes remotos pueden forzar a iconv() a emitir un carácter espurio '\0' a través de datos ISO-2022-JP-3 manipulados que van acompañados de un reinicio de estado interno. Esto puede afectar a la integridad de los datos en ciertos casos de uso de iconv(). • https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396 https://sourceware.org/bugzilla/show_bug.cgi?id=28524 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d https://www.oracle.com/security-alerts/cpujul2022.html •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

CVE-2021-36160 – mod_proxy_uwsgi out of bound read

https://notcve.org/view.php?id=CVE-2021-36160

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). Una uri-path de petición cuidadosamente diseñada puede causar que la función mod_proxy_uwsgi lea por encima de la memoria asignada y se bloquee (DoS). Este problema afecta a Apache HTTP Server versiones 2.4.30 a 2.4.48 (incluyéndola) An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3E https://lists.apache • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

CVE-2021-34798 – NULL pointer dereference in httpd core

https://notcve.org/view.php?id=CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Unas peticiones malformadas pueden causar que el servidor haga desreferencia a un puntero NULL. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E • CWE-476: NULL Pointer Dereference •