
CVE-2021-4184 – Gentoo Linux Security Advisory 202210-04
https://notcve.org/view.php?id=CVE-2021-4184
30 Dec 2021 — Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service. Versions less than 3.6.8 are affected. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2021-4185 – Gentoo Linux Security Advisory 202210-04
https://notcve.org/view.php?id=CVE-2021-4185
30 Dec 2021 — Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file. Multiple vulnerabilities have been discovered in Wireshark, the worst of which could result in denial of service. Versions less than 3.6.8 are affected. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4185.json • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2021-44832 – Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration
https://notcve.org/view.php?id=CVE-2021-44832
28 Dec 2021 — Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2021-45909 – Ubuntu Security Notice USN-5969-1
https://notcve.org/view.php?id=CVE-2021-45909
28 Dec 2021 — An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002668 • CWE-787: Out-of-bounds Write

CVE-2021-45910
https://notcve.org/view.php?id=CVE-2021-45910
28 Dec 2021 — An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002667 • CWE-787: Out-of-bounds Write

CVE-2021-45911
https://notcve.org/view.php?id=CVE-2021-45911
28 Dec 2021 — An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002687 • CWE-787: Out-of-bounds Write

CVE-2021-43845 – Prevent out-of-bounds read in PJSIP
https://notcve.org/view.php?id=CVE-2021-43845
27 Dec 2021 — PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bounds read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an invalid packet size. • https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 • CWE-125: Out-of-bounds Read

CVE-2021-4166 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4166
25 Dec 2021 — vim is vulnerable to Out-of-bounds Read. It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the... • http://seclists.org/fulldisclosure/2022/Jul/14 • CWE-125: Out-of-bounds Read

CVE-2021-45480 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2021-45480
24 Dec 2021 — An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. It was discovered that the network traffic control implementation in the Linux kernel conta... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11 • CWE-401: Missing Release of Memory after Effective Lifetime

CVE-2021-45469 – Ubuntu Security Notice USN-5377-1
https://notcve.org/view.php?id=CVE-2021-45469
23 Dec 2021 — In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups... • http://www.openwall.com/lists/oss-security/2021/12/25/1 • CWE-125: Out-of-bounds Read