CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. Una imagen PNG en escala de grises de 16 bits diseñada puede conllevar a una escritura fuera de límites en el área de la pila. • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 https://security.gentoo.org/glsa/202209-12 https://security.netapp.com/advisory/ntap-20220930-0001 https://access.redhat.com/security/cve/CVE-2021-3695 • CWE-787: Out-of-bounds Write •
CVE-2021-3979 – ceph: Ceph volume does not honour osd_dmcrypt_key_size
https://notcve.org/view.php?id=CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. Se ha encontrado un fallo de longitud de clave en Red Hat Ceph Storage. Un atacante puede explotar el hecho de que la longitud de la clave se pasa incorrectamente en un algoritmo de cifrado para crear una clave no aleatoria, que es más débil y puede ser explotada para la pérdida de confidencialidad e integridad en los discos cifrados. • https://access.redhat.com/security/cve/CVE-2021-3979 https://bugzilla.redhat.com/show_bug.cgi?id=2024788 https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656 https://github.com/ceph/ceph/pull/44765 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q https://tracker.ceph.com/issues/54006 • CWE-287: Improper Authentication CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. • http://www.openwall.com/lists/oss-security/2022/01/18/3 https://access.redhat.com/security/cve/CVE-2021-4104 https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033 https://security.gentoo.org/glsa/202209-02 https://security.gentoo.org/glsa/202310-16 https://security.gentoo.org/glsa/202312-02 https://security.gentoo.org/glsa/202312-04 https://security.netapp.com/advisory/ntap-20211223-0007 https • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVE-2021-4048 – lapack: Out-of-bounds read in *larrv
https://notcve.org/view.php?id=CVE-2021-4048
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. Se ha encontrado un fallo de lectura fuera de límites en las funciones CLARRV, DLARRV, SLARRV y ZLARRV de lapack versiones hasta 3.10.0, usadas también en OpenBLAS versiones anteriores a 0.3.18. Las entradas especialmente diseñadas que se pasan a estas funciones podrían causar que una aplicación que use lapack se bloquee o posiblemente revele partes de su memoria An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. • https://github.com/JuliaLang/julia/issues/42415 https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781 https://github.com/Reference-LAPACK/lapack/pull/625 https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 https://lists.fedoraproject.org/archives/li • CWE-125: Out-of-bounds Read •
CVE-2021-3636 – openshift: Injected service-ca.crt incorrectly contains additional internal CAs
https://notcve.org/view.php?id=CVE-2021-3636
It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. Se encontró en OpenShift, anterior a versión 4.8, que el certificado generado para la CA de servicio en el clúster, incluía incorrectamente certificados adicionales. La CA de servicio se monta automáticamente en todos los pods, permitiéndoles conectarse de forma segura a los servicios confiables del clúster que presentan certificados firmados por la CA de servicio confiable. • https://bugzilla.redhat.com/show_bug.cgi?id=1978621 https://access.redhat.com/security/cve/CVE-2021-3636 • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •