CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2021-41817 – ruby: Regular expression denial of service vulnerability of Date parsing methods
https://notcve.org/view.php?id=CVE-2021-41817
01 Jan 2022 — Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresión regular de denegación de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during... • https://hackerone.com/reports/1254844 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2021-41819 – ruby: Cookie prefix spoofing in CGI::Cookie.parse
https://notcve.org/view.php?id=CVE-2021-41819
01 Jan 2022 — CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CGI::Cookie.parse en Ruby versiones hasta 2.6.8, maneja inapropiadamente los prefijos de seguridad en los nombres de las cookies. Esto también afecta a CGI gem versiones hasta 0.3.0 para Ruby. A flaw was found in Ruby. • https://hackerone.com/reports/910552 • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45944 – Ubuntu Security Notice USN-5224-1
https://notcve.org/view.php?id=CVE-2021-45944
31 Dec 2021 — Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 hasta 9.53.3, presenta un uso de memoria previamente liberada en la función sampled_data_sample (llamado desde sampled_data_continue e interp). USN-5224-1 fixed several vulnerabilities in Ghostscript. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Ghostscript incorrectly handled certain PostScript ... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45949 – Debian Security Advisory 5038-1
https://notcve.org/view.php?id=CVE-2021-45949
31 Dec 2021 — Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 a 9.54.0, presenta un desbordamiento de búfer en la región heap de la memoria en la función sampled_data_finish (llamado desde sampled_data_continue e interp). Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbit... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 3CVE-2021-45958 – Ubuntu Security Notice USN-6629-2
https://notcve.org/view.php?id=CVE-2021-45958
31 Dec 2021 — UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. UltraJSON (también conocido como ujson) a través de 5.1.0 tiene un desbordamiento de búfer basado en pila en Buffer_AppendIndentUnchecked (llamado desde encode). La explotación puede, por ejemplo, utilizar una gran cantidad de sangría USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding u... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2021-45930 – qt: out-of-bounds write may lead to DoS
https://notcve.org/view.php?id=CVE-2021-45930
31 Dec 2021 — Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 2CVE-2021-45943 – Debian Security Advisory 5239-1
https://notcve.org/view.php?id=CVE-2021-45943
31 Dec 2021 — GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). GDAL versiones 3.3.0 hasta 3.4.0, presenta un desbordamiento de búfer en la región heap de la memoria en la función PCIDSK::CPCIDSKFile::ReadFromFile (llamado desde PCIDSK::CPCIDSKSegment::ReadFromFile y PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). A heap-based buffer overflow vulnerability was discov... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2021-4192 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-4192
31 Dec 2021 — vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria Previamente Liberada. It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that... • http://seclists.org/fulldisclosure/2022/Jul/14 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1CVE-2021-4193 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4193
31 Dec 2021 — vim is vulnerable to Out-of-bounds Read vim es vulnerable a una Lectura Fuera de Límites. It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use ... • http://seclists.org/fulldisclosure/2022/Jul/14 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2021-4181 – Gentoo Linux Security Advisory 202210-04
https://notcve.org/view.php?id=CVE-2021-4181
30 Dec 2021 — Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Un bloqueo en Sysdig Event dissector en Wireshark versiones 3.6.0 y 3.4.0 a 3.4.10, permite la denegación de servicio por inyección de paquetes o por un archivo de captura diseñado. Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service. Versions less than 3.6.8 are affected. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4181.json • CWE-125: Out-of-bounds Read •