CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-22004
https://notcve.org/view.php?id=CVE-2021-22004
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. Se detectó un problema en SaltStack Salt versiones anteriores a 3003.3. El instalador de minions de Salt aceptará y usará un archivo de configuración de minions en C:\salt\conf si ese archivo está en su lugar antes de que se ejecute el instalador. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 5CVE-2021-40346 – haproxy: request smuggling attack or response splitting via duplicate content-length header
https://notcve.org/view.php?id=CVE-2021-40346
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. Se presenta un desbordamiento de enteros en HAProxy versiones 2.0 a 2.5, en la función htx_add_header() que puede ser explotada para llevar a cabo un ataque de contrabando de peticiones HTTP, permitiendo a un atacante omitir todas las ACLs configuradas de HAProxy de peticiones http y posiblemente otras ACLs Proxy server haproxy has a flaw that can could allow an HTTP request smuggling attack with the goal of bypassing access-control list rules defined by haproxy. The attack was made possible by utilizing an integer overflow vulnerability that allowed reaching an unexpected state in haproxy while parsing an HTTP request. The highest threat from this vulnerability is integrity. • https://github.com/knqyf263/CVE-2021-40346 https://github.com/donky16/CVE-2021-40346-POC https://github.com/alikarimi999/CVE-2021-40346 https://github.com/alexOarga/CVE-2021-40346 https://git.haproxy.org/?p=haproxy.git https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120%40%3Cdev.cloudstac • CWE-190: Integer Overflow or Wraparound CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28701
https://notcve.org/view.php?id=CVE-2021-28701
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. • http://www.openwall.com/lists/oss-security/2021/09/08/2 http://xenbits.xen.org/xsa/advisory-384.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU https://security.gentoo.org/glsa/202208-23 https:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21996
https://notcve.org/view.php?id=CVE-2021-21996
An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion. Se detectó un problema en SaltStack Salt versiones anteriores a 3003.3. Un usuario que presenta el control de las URLs source, y source_hash puede conseguir acceso completo al sistema de archivos como root en un minion de Salt • https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html https://lists.debian.org/debian-lts-announce/2021/11/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BUWUF5VTENNP2ZYZBVFKPSUHLKLUBD5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ACVT7M4YLZRLWWQ6SGRK3C6TOF4FXOXT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MBAHHSGZLEJRCG4DX6J4RBWJAAWH55RQ https://saltproject.io/security_ •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-19752
https://notcve.org/view.php?id=CVE-2020-19752
The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. La función find_color_or_error en gifsicle versión 1.92, contiene una desreferencia de puntero NULL • https://github.com/kohler/gifsicle/issues/140 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7H3ASG2BD4D4SAUUI6TOLUZYP2QYYHXY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DH7X7PGUN5BYXKW533DAX4KAEM4HPMJC • CWE-476: NULL Pointer Dereference •