CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 1CVE-2021-4002 – kernel: possible leak or coruption of data residing on hugetlbfs
https://notcve.org/view.php?id=CVE-2021-4002
06 Jan 2022 — A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. Se encontró un fallo de pérdida de memoria en el uso de memoria hugetlbfs del kernel de Linux en la forma en que el usuario mapea algunas regiones de memoria dos veces usando shmget() que están alineadas a la alineac... • https://bugzilla.redhat.com/show_bug.cgi?id=2025726 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 1CVE-2021-45485 – kernel: information leak in the IPv6 implementation
https://notcve.org/view.php?id=CVE-2021-45485
25 Dec 2021 — In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. En la implementación de IPv6 en el kernel de Linux versiones anteriores a 5.13.3, el archivo net/ipv6/output_core.c presenta un filtrado de información debido a determinado uso de una tabla hash que, aunque es grande, no considera aprop... • https://github.com/Satheesh575555/linux-4.19.72_CVE-2021-45485 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-45486 – kernel: information leak in the IPv4 implementation
https://notcve.org/view.php?id=CVE-2021-45486
25 Dec 2021 — In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. En la implementación de IPv4 en el kernel de Linux versiones anteriores a 5.12.4, el archivo net/ipv4/route.c presenta un filtrado de información porque la tabla hash es muy pequeña An information leak flaw was found in the Linux kernel’s IPv4 implementation in the ip_rt_init in net/ipv4/route.c function. The use of a small hash table in IP ID generation allows a remot... • https://arxiv.org/pdf/2112.09604.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 0CVE-2021-43818 – HTML Cleaner allows crafted and SVG embedded scripts to pass through
https://notcve.org/view.php?id=CVE-2021-43818
13 Dec 2021 — lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. lxml es una biblioteca para procesar XML y HTML en el lenguaje Python. En versiones anteriores a 4.6.5, el limpiador... • https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2021-43797 – HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling
https://notcve.org/view.php?id=CVE-2021-43797
09 Dec 2021 — Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used ... • https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 1CVE-2021-43527 – nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
https://notcve.org/view.php?id=CVE-2021-43527
01 Dec 2021 — NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clien... • https://packetstorm.news/files/id/165110 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2021-20322 – kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
https://notcve.org/view.php?id=CVE-2021-20322
24 Nov 2021 — A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Se encontró un fallo en el procesamiento de... • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 • CWE-330: Use of Insufficiently Random Values •
CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0CVE-2021-43976 – kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
https://notcve.org/view.php?id=CVE-2021-43976
17 Nov 2021 — In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). En el kernel de Linux versiones hasta 5.15.2, la función mwifiex_usb_recv en el archivo drivers/net/wireless/marvell/mwifiex/usb.c permite a un atacante (que puede conectar un dispositivo USB diseñado) causar una denegación de servicio (skb_over_panic) A denial of service flaw was found in mwifiex_usb_recv ... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84 • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-3772 – kernel: sctp: Invalid chunks may be used to remotely remove existing associations
https://notcve.org/view.php?id=CVE-2021-3772
08 Nov 2021 — A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacant... • https://bugzilla.redhat.com/show_bug.cgi?id=2000694 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-43396
https://notcve.org/view.php?id=CVE-2021-43396
04 Nov 2021 — In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to t... • https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396 •