CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3981 – grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content
https://notcve.org/view.php?id=CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. Se ha encontrado un fallo en grub2 en el que su archivo de configuración, conocido como grub.cfg, es creado con un conjunto de permisos erróneo que permite a usuarios no privilegiado leer su contenido. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://bugzilla.redhat.com/show_bug.cgi?id=2024170 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX https://security.gentoo.org/glsa/202209-12 https://access.redhat.com/security/cve/CVE-2021-3981 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2021-3999 – glibc: Off-by-one buffer overflow/underflow in getcwd()
https://notcve.org/view.php?id=CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Se ha encontrado un fallo en glibc. Un desbordamiento y subdesbordamiento de búfer en la función getcwd() puede conllevar a una corrupción de memoria cuando el tamaño del búfer es exactamente 1. • https://access.redhat.com/security/cve/CVE-2021-3999 https://bugzilla.redhat.com/show_bug.cgi?id=2024637 https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security-tracker.debian.org/tracker/CVE-2021-3999 https://security.netapp.com/advisory/ntap-20221104-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=28769 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e https://www.openwall.com/lists/oss-security/2022/01/24/4 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998
https://notcve.org/view.php?id=CVE-2021-3998
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. • https://access.redhat.com/security/cve/CVE-2021-3998 https://bugzilla.redhat.com/show_bug.cgi?id=2024633 https://security-tracker.debian.org/tracker/CVE-2021-3998 https://security.netapp.com/advisory/ntap-20221020-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=28770 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb https://www.openwall.com/lists/oss-security/2022 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-46021
https://notcve.org/view.php?id=CVE-2021-46021
An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. Una vulnerabilidad de Uso de Memoria Previamente Liberada en la función rec_record_destroy() en el archivo rec-record.c de GNU Recutils versión v1.8.90, puede conllevar a un fallo de segmentación o un fallo de la aplicación • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDVOFC3HTBG7DF2PZTEXRMG4CV2F55UF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRSXSN2XF6PX74WDYVV26TQMYIFAEQ3T https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46195 – gcc: uncontrolled recursion in libiberty/rust-demangle.c
https://notcve.org/view.php?id=CVE-2021-46195
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. Se ha detectado que GCC versión v12.0, contiene una recursión no controlada por medio del componente libiberty/rust-demangle.c. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) al consumir excesivos recursos de CPU y memoria A flaw was discovered in the GNU libiberty library within the demangle_path() function in rust-demangle.c, as distributed in the GNU Compiler Collection (GCC). This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash. • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 https://access.redhat.com/security/cve/CVE-2021-46195 https://bugzilla.redhat.com/show_bug.cgi?id=2046300 • CWE-674: Uncontrolled Recursion •