CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28712
https://notcve.org/view.php?id=CVE-2021-28712
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 Los backends fraudulentos pueden causar DoS de los huéspedes por medio de eventos de alta frecuencia T[este registro de información CNA se relaciona con múltiples CVEs; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE]. • https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5050 https://www.debian.org/security/2022/dsa-5096 https://xenbits.xenproject.org/xsa/advisory-391.txt •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28711
https://notcve.org/view.php?id=CVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 Los backends fraudulentos pueden causar DoS de los huéspedes por medio de eventos de alta frecuencia T[este registro de información CNA es relacionado con múltiples CVEs; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE]. • https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5050 https://www.debian.org/security/2022/dsa-5096 https://xenbits.xenproject.org/xsa/advisory-391.txt •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-3842 – Inefficient Regular Expression Complexity in nltk/nltk
https://notcve.org/view.php?id=CVE-2021-3842
nltk is vulnerable to Inefficient Regular Expression Complexity nltk es vulnerable a una Complejidad de Expresión Regular Ineficiente • https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45972
https://notcve.org/view.php?id=CVE-2021-45972
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data. La función giftrans en giftrans versión 1.12.2, contiene un desbordamiento de búfer en la región stack de la memoria porque un valor dentro del archivo de entrada determina la cantidad de datos a escribir. Esto permite a un atacante sobrescribir hasta 250 bytes fuera del buffer asignado con datos arbitrarios. • http://web.archive.org/web/20150801185019 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002739 https://www.abdn.ac.uk/tools/ibmpc/giftrans/index.hti • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2021-41817 – ruby: Regular expression denial of service vulnerability of Date parsing methods
https://notcve.org/view.php?id=CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresión regular de denegación de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. • https://hackerone.com/reports/1254844 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF https://security.gentoo.org/glsa/202401-27 https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817 https://access.redhat.com/security/cve/CVE-2021-41817 https://bugzilla.redhat.com/show_bug. • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •