CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-45261
https://notcve.org/view.php?id=CVE-2021-45261
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. Se presenta una vulnerabilidad de Puntero no Válido en GNU patch versión 2.7, por medio de la función another_hunk, que causa una denegación de servicio • https://savannah.gnu.org/bugs/?61685 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-45078
https://notcve.org/view.php?id=CVE-2021-45078
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. La función stab_xcoff_builtin_type en el archivo stabs.c en GNU Binutils versiones hasta 2.37, permite a atacantes causar una denegación de servicio (desbordamiento de búfer basado en la pila) o posiblemente tener otro impacto no especificado, como lo demuestra una escritura fuera de límites. NOTA: este problema se presenta debido a una corrección incorrecta de CVE-2018-12699 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3 https://security.gentoo.org/glsa/202208-30 https://security.netapp.com/advisory/ntap-20220107-0002 https://sourceware.org/bugzilla/show_bug.cgi?id=28694 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=161e87d12167b1e36193385485c1f6ce92f74f02 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28237
https://notcve.org/view.php?id=CVE-2021-28237
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Se ha detectado que LibreDWG versión v0.12.3, contiene un desbordamiento del búfer de la pila por medio de decode_preR13 • https://github.com/LibreDWG/libredwg/issues/325 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28236
https://notcve.org/view.php?id=CVE-2021-28236
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. Se ha detectado que LibreDWG versión v0.12.3, contiene una desreferencia de puntero NULL por medio del archivo out_dxfb.c • https://github.com/LibreDWG/libredwg/issues/324 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44227 – mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover
https://notcve.org/view.php?id=CVE-2021-44227
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. En GNU Mailman versiones anteriores a 2.1.38, un miembro o moderador de la lista puede conseguir un token de tipo CSRF y diseñar una petición de administración (usando ese token) para establecer una nueva contraseña de administrador o hacer otros cambios A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively bypassing the protection provided by CSRF tokens. A remote attacker with an account on the mailman system can use this flaw to perform a CSRF attack and perform operations on behalf of the victim admin. • https://bugs.launchpad.net/mailman/+bug/1952384 https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html https://access.redhat.com/security/cve/CVE-2021-44227 https://bugzilla.redhat.com/show_bug.cgi?id=2026862 • CWE-352: Cross-Site Request Forgery (CSRF) •