CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-38202
https://notcve.org/view.php?id=CVE-2021-38202
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd. El archivo fs/nfsd/trace.h en el kernel de Linux versiones anteriores a 5.13.4, podría permitir a atacantes remotos causar una denegación de servicio (lectura fuera de los límites en strlen) mediante el envío de tráfico NFS cuando el marco de eventos de rastreo se está usando para nfsd • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 https://security.netapp.com/advisory/ntap-20210902-0010 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38203
https://notcve.org/view.php?id=CVE-2021-38203
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info. btrfs en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes causar una denegación de servicio (bloqueo) por medio de procesos que desencadenan la asignación de nuevos trozos del sistema durante los momentos en que hay una escasez de espacio libre en el space_info del sistema • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 https://security.netapp.com/advisory/ntap-20210902-0010 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-38160
https://notcve.org/view.php?id=CVE-2021-38160
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior ** EN DISPUTA ** En el archivo drivers/char/virtio_console.c en el kernel de Linux versiones anteriores a 5.13.4, la corrupción o pérdida de datos puede ser desencadenada por un dispositivo no fiable que suministre un valor buf-)len excediendo el tamaño del buffer. NOTA: El proveedor indica que la citada corrupción de datos no es una vulnerabilidad en ningún caso de uso existente; la validación de la longitud se añadió únicamente para la robustez frente a un comportamiento anómalo del sistema operativo anfitrión. • https://access.redhat.com/security/cve/cve-2021-38160 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20210902-0010 https://www.debian.org/security/2021/dsa-4978 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 1CVE-2021-22926
https://notcve.org/view.php?id=CVE-2021-22926
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. Las aplicaciones que usan libcurl pueden pedir un certificado de cliente específico para ser usado en una transferencia. Esto se hace con la opción "CURLOPT_SSLCERT" ("--cert" con la herramienta de línea de comandos).Cuando libcurl se construye para usar la biblioteca TLS nativa de macOS Transporte Seguro, una aplicación puede pedir el certificado del cliente por su nombre o con un nombre de archivo - usando la misma opción. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1234760 https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cuser • CWE-295: Improper Certificate Validation CWE-840: Business Logic Errors •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 1CVE-2021-22922 – curl: Content not matching hash in Metalink is not being discarded
https://notcve.org/view.php?id=CVE-2021-22922
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. Cuando es instruido a curl descargar un contenido usando la funcionalidad metalink, el contenido es comprobado con un hash proporcionado en el archivo XML metalink. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1213175 https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cuser • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions CWE-840: Business Logic Errors •