CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20208
https://notcve.org/view.php?id=CVE-2021-20208
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en cifs-utils en versiones anteriores a la 6.13. Cuando un usuario monta un sistema de archivos CIFS krb5 desde un contenedor, puede usar las credenciales de Kerberos del host. • https://bugzilla.redhat.com/show_bug.cgi?id=1921116 https://bugzilla.samba.org/show_bug.cgi?id=14651 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3498 – Gstreamer Matroska Demuxing Use-After-Free
https://notcve.org/view.php?id=CVE-2021-3498
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. GStreamer versiones anteriores a 1.18.4, podría causar daños en la pila al analizar determinados archivos Matroska malformado Gstreamer suffers from a use-after-free vulnerability in Matroska demuxing. • http://packetstormsecurity.com/files/162952/Gstreamer-Matroska-Demuxing-Use-After-Free.html https://bugzilla.redhat.com/show_bug.cgi?id=1945342 https://gstreamer.freedesktop.org/security/sa-2021-0003.html https://security.gentoo.org/glsa/202208-31 https://www.debian.org/security/2021/dsa-4900 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3497 – gstreamer-plugins-good: Use-after-free in matroska demuxing
https://notcve.org/view.php?id=CVE-2021-3497
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. GStreamer versiones anteriores a 1.18.4, podría acceder a la memoria ya liberada en rutas de código de error al demultiplexar determinados archivos Matroska malformados • https://bugzilla.redhat.com/show_bug.cgi?id=1945339 https://gstreamer.freedesktop.org/security/sa-2021-0002.html https://lists.debian.org/debian-lts-announce/2021/04/msg00027.html https://security.gentoo.org/glsa/202208-31 https://www.debian.org/security/2021/dsa-4900 https://access.redhat.com/security/cve/CVE-2021-3497 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3472 – X.Org Server XChangeFeedbackControl Integer Underflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3472
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en xorg-x11-server en versiones anteriores a 1.20.11. Se puede producir un subdesbordamiento de enteros en xserver que puede conllevar a una escalada de privilegios local. • http://www.openwall.com/lists/oss-security/2021/04/13/1 https://bugzilla.redhat.com/show_bug.cgi?id=1944167 https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY https:/& • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0CVE-2021-20305 – nettle: Out of bounds memory access in signature verification
https://notcve.org/view.php?id=CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en Nettle en versiones anteriores a 3.7.2, donde varias funciones de comprobación de firma de Nettle (GOST DSA, EDDSA y ECDSA) resultan en la función de multiplicación del punto Elliptic Curve Cryptography (ECC) ser llamados con escaladores fuera de rango, posiblemente resultando en resultados incorrectos. Este fallo permite a un atacante forzar una firma no válida, causando un fallo de aserción o una posible validación. • https://bugzilla.redhat.com/show_bug.cgi?id=1942533 https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63 https://security.gentoo.org/glsa/202105-31 https://security.netapp.com/advisory/ntap-20211022-0002 https://www.debian.org/security/2021/dsa-4933 https://access.redhat.com/security/cve/CVE-2021-20305 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-787: Out-of-bounds Write •