CVSS: 7.4EPSS: 0%CPEs: 22EXPL: 2CVE-2021-44733 – kernel: use-after-free in the TEE subsystem
https://notcve.org/view.php?id=CVE-2021-44733
22 Dec 2021 — A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. Se presenta un uso de memoria previamente liberada en el archivo drivers/tee/tee_shm.c en el subsistema TEE en el kernel de Linux versiones hasta 5.15.11. Esto ocurre debido a una condición de carrera en tee_shm_get_from_id durante un intento de liberar un objeto de memoria compartida A use-... • https://github.com/pjlantz/optee-qemu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43804 – Out-of-bounds read when parsing RTCP BYE message in PJSIP
https://notcve.org/view.php?id=CVE-2021-43804
22 Dec 2021 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason lengt... • https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-37706 – Potential integer underflow upon receiving STUN message in PJSIP
https://notcve.org/view.php?id=CVE-2021-37706
22 Dec 2021 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a speciall... • http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40393 – Debian Security Advisory 5306-1
https://notcve.org/view.php?id=CVE-2021-40393
22 Dec 2021 — An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad aperture macro variables handling de RS-274X de Gerbv versiones 2.7.0 y dev (commit b5f1eacd) y la v... • https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40394 – Debian Security Advisory 5306-1
https://notcve.org/view.php?id=CVE-2021-40394
22 Dec 2021 — An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escritura fuera de límites en la funcionalidad aperture macro variables handling de RS-274X de Gerbv versiones 2.7.0 y dev (commit b5f1eacd) y la v... • https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20321 – kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename()
https://notcve.org/view.php?id=CVE-2021-20321
21 Dec 2021 — A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. Se encontró una condición de carrera al acceder a un objeto de archivo en el subsistema OverlayFS del kernel de Linux en la forma en que usuarios hacen el cambio de nombre de manera específica con OverlayFS. Un usuario local podría usar este fallo para bloquear el sistema Red Hat Advanced Cluster Management f... • https://bugzilla.redhat.com/show_bug.cgi?id=2013242 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4009 – X.Org Server SProcXFixesCreatePointerBarrier Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4009
17 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SProcXFixesCreatePointerBarrier. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4011 – X.Org Server SwapCreateRegister Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4011
17 Dec 2021 — A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un fallo en xorg-x11-server en versiones anteriores a 21.1.2 y anteriores a 1.20.14. Puede producirse un acceso fuera de límites en la función SwapCreateRegister. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45098
https://notcve.org/view.php?id=CVE-2021-45098
16 Dec 2021 — An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. • https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-45095 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2021-45095
16 Dec 2021 — pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. La función pep_sock_accept en el archivo net/phonet/pep.c en el kernel de Linux versiones hasta 5.15.8, presenta un filtrado de refcount Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linu... • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=bcd0f93353326954817a4f9fa55ec57fb38acbb0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •