CVSS: 8.1EPSS: 1%CPEs: 7EXPL: 1CVE-2021-40153 – squashfs-tools: unvalidated filepaths allow writing outside of destination
https://notcve.org/view.php?id=CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. La función squashfs_opendir en el archivo unsquash-1.c en Squashfs-Tools versión 4.5, almacena el nombre del archivo en la entrada del directorio; esto es entonces usado por unsquashfs para crear el nuevo archivo durante el desensamblaje. El nombre de archivo no se comprueba para saltar fuera del directorio de destino, y por lo tanto permite escribir en lugares fuera del destino. A flaw was found in Squashfs-tools, where it is vulnerable to attacks similar to zip-slip. • https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790 https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 https://github.com/plougher/squashfs-tools/issues/72 https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL https:&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2021-3690 – undertow: buffer leak on incoming websocket PONG message may lead to DoS
https://notcve.org/view.php?id=CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en Undertow. • https://access.redhat.com/security/cve/CVE-2021-3690 https://bugzilla.redhat.com/show_bug.cgi?id=1991299 https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877 https://issues.redhat.com/browse/UNDERTOW-1935 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2021-3621 – sssd: shell command injection in sssctl
https://notcve.org/view.php?id=CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en SSSD, donde el comando sssctl era vulnerable a la inyección de comandos de shell por medio de los subcomandos logs-fetch y cache-expire. Este fallo permite a un atacante engañar al usuario root para que ejecute un comando sssctl especialmente diseñado, por ejemplo por medio de sudo, para conseguir acceso de root. • https://bugzilla.redhat.com/show_bug.cgi?id=1975142 https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html https://sssd.io/release-notes/sssd-2.6.0.html https://access.redhat.com/security/cve/CVE-2021-3621 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3677 – postgresql: memory disclosure in certain queries
https://notcve.org/view.php?id=CVE-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. • https://bugzilla.redhat.com/show_bug.cgi?id=2001857 https://security.gentoo.org/glsa/202211-04 https://security.netapp.com/advisory/ntap-20220407-0008 https://www.postgresql.org/support/security/CVE-2021-3677 https://access.redhat.com/security/cve/CVE-2021-3677 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2021-3635 – kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
https://notcve.org/view.php?id=CVE-2021-3635
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands. Se ha detectado un fallo en la implementación del netfilter del kernel de Linux en versiones anteriores a 5.5-rc7. Un usuario con acceso de root (CAP_SYS_ADMIN) es capaz de hacer entrar en pánico al sistema cuando emite comandos netfilter netflow. A flaw was found in the Linux kernel netfilter implementation. • https://bugzilla.redhat.com/show_bug.cgi?id=1976946 https://access.redhat.com/security/cve/CVE-2021-3635 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •