CVE-2021-43414
https://notcve.org/view.php?id=CVE-2021-43414
An issue was discovered in GNU Hurd before 0.9 20210404-9. The authentication protocol used by the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html https://www.mail-archive.com/bug-hurd%40gnu.org/msg32114.html • CWE-287: Improper Authentication •
CVE-2021-43411
https://notcve.org/view.php?id=CVE-2021-43411
An issue was discovered in GNU Hurd before 0.9 20210404-9. When exec'ing a setuid executable, there is a window of time during which the process already holds the new privileges but still refers to the old task and remains reachable through the old process port. This can be exploited to obtain full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html https://salsa.debian.org/hurd-team/hurd/-/blob/4d1b079411e2f40576e7b58f9b5b78f733a2beda/debian/patches/0034-proc-Use-UIDs-for-evaluating-permissions.patch https://www.mail-archive.com/bug-hurd%40gnu.org/msg32112.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-43396
https://notcve.org/view.php?id=CVE-2021-43396
** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." • https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396 https://sourceware.org/bugzilla/show_bug.cgi?id=28524 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d https://www.oracle.com/security-alerts/cpujul2022.html •
CVE-2021-42097 – mailman: CSRF token bypass allows to perform CSRF attacks and account takeover
https://notcve.org/view.php?id=CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote privilege escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account and then use that value in a CSRF attack against an admin (e.g., for account takeover). • http://www.openwall.com/lists/oss-security/2021/10/21/4 https://bugs.launchpad.net/mailman/+bug/1947640 https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2021-42097 https://bugzilla.redhat.com/show_bug.cgi?id=2020568 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-42096 – mailman: CSRF token derived from admin password allows offline brute-force attack
https://notcve.org/view.php?id=CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote privilege escalation. A certain csrf_token value is derived from the admin password and may be useful in conducting a brute-force attack against that password. Sensitive information is exposed to unprivileged users in Mailman: the hash of the list admin password is used to derive the CSRF (Cross-Site Request Forgery) token, which is exposed to unprivileged members of a list. • http://www.openwall.com/lists/oss-security/2021/10/21/4 https://bugs.launchpad.net/mailman/+bug/1947639 https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ https://www.debian.org/security/2021/dsa-4991 https://access.redhat.com/security/cve/CVE-2021-42096 https://bugzilla.redhat.com/show_bug.cgi?id=2020575 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-307: Improper Restriction of Excessive Authentication Attempts •
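The two Mailman entries above (CVE-2021-42097 and CVE-2021-42096) describe the same token with two design faults: it is not bound to the user it was issued to, and its only secret is the admin password hash. The model below is an added example written for this page, not Mailman's own csrf_token code; the password "hunter2", the SHA-1 list-password hash, the `issued_at:mac` token layout and the candidate list are all constructed assumptions. It shows a member's token being accepted in the admin context, the offline password search that one leaked token enables, and a hardened scheme keyed on a random server secret and bound to user and context.

```python
"""Model of the two csrf_token weaknesses described above, beside a hardened design.
Illustrative code written for this page, not Mailman's implementation."""
import hashlib
import hmac
import secrets
import time
from typing import List, Optional, Tuple

# Constructed sample data (assumptions, not taken from any Mailman install).
ADMIN_PASSWORD = "hunter2"
CANDIDATES = ["password", "letmein", "mailman", "hunter2", "qwerty"]


def password_hash(password: str) -> str:
    """Fast unsalted hash, chosen to show why an offline search is cheap."""
    return hashlib.sha1(password.encode()).hexdigest()


def _split(token: str) -> Optional[Tuple[int, str]]:
    """Parse 'issued_at:mac'; None on malformed input."""
    try:
        ts, mac = token.split(":", 1)
        return int(ts), mac
    except ValueError:
        return None


# --- Weak scheme: the admin password hash is the only secret and no user is bound.
def weak_token(admin_pw_hash: str, issued_at: int) -> str:
    mac = hashlib.sha256(f"{admin_pw_hash}:{issued_at}".encode()).hexdigest()
    return f"{issued_at}:{mac}"


def weak_verify(admin_pw_hash: str, token: str, max_age: int = 3600,
                now: Optional[int] = None) -> bool:
    """Accepts any unexpired token for the list; the presenter's identity is never checked."""
    now = int(time.time()) if now is None else now
    parsed = _split(token)
    if parsed is None or not 0 <= now - parsed[0] <= max_age:
        return False
    return hmac.compare_digest(weak_token(admin_pw_hash, parsed[0]), token)


def offline_bruteforce(token: str, candidates: List[str]) -> Optional[str]:
    """Given one leaked weak token, try candidate passwords without touching the server."""
    parsed = _split(token)
    if parsed is None:
        return None
    for pw in candidates:
        if weak_token(password_hash(pw), parsed[0]) == token:
            return pw
    return None


# --- Hardened scheme: random server secret, token bound to user and context.
SERVER_SECRET = secrets.token_bytes(32)  # unrelated to any password


def strong_token(secret: bytes, user: str, context: str, issued_at: int) -> str:
    msg = f"{user}\0{context}\0{issued_at}".encode()
    return f"{issued_at}:{hmac.new(secret, msg, hashlib.sha256).hexdigest()}"


def strong_verify(secret: bytes, user: str, context: str, token: str,
                  max_age: int = 3600, now: Optional[int] = None) -> bool:
    """`user` and `context` come from the authenticated session, not from the request."""
    now = int(time.time()) if now is None else now
    parsed = _split(token)
    if parsed is None or not 0 <= now - parsed[0] <= max_age:
        return False
    return hmac.compare_digest(strong_token(secret, user, context, parsed[0]), token)


def demo(now: int = 1_700_000_000) -> dict:
    admin_hash = password_hash(ADMIN_PASSWORD)
    # Flaw 1 (CVE-2021-42097): a token served to an ordinary member passes on admin pages.
    member_token = weak_token(admin_hash, now)
    # Flaw 2 (CVE-2021-42096): that same token is a cheap offline oracle for the password.
    # Hardened: a member's token fails in the admin context, and no password enters it.
    member_token2 = strong_token(SERVER_SECRET, "member@example.org", "options", now)
    return {
        "weak_cross_user_accepted": weak_verify(admin_hash, member_token, now=now),
        "weak_recovered_password": offline_bruteforce(member_token, CANDIDATES),
        "strong_cross_user_accepted": strong_verify(SERVER_SECRET, "admin", "admin",
                                                    member_token2, now=now),
        "strong_own_context_accepted": strong_verify(SERVER_SECRET, "member@example.org",
                                                     "options", member_token2, now=now),
        "strong_recovered_password": offline_bruteforce(member_token2, CANDIDATES),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point is that a CSRF token should carry no information about a long-term credential and should be valid only for the principal and context it was issued for: the hardened `strong_verify` takes user and context from the server-side session, so a token captured from a member page recomputes to a different MAC on an admin page, and because the key is a random server secret rather than a password hash there is nothing for an offline search to recover.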