CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1CVE-2021-22947 – curl: Server responses received before STARTTLS processed after TLS handshake
https://notcve.org/view.php?id=CVE-2021-22947
15 Sep 2021 — When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-thro... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 2CVE-2021-3743 – kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
https://notcve.org/view.php?id=CVE-2021-3743
15 Sep 2021 — An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se ha encontrado un defecto de lectura de memoria fuera de límites (OOB) en el protocolo de router Qualcomm IPC en el kernel de Linux. Una falta de comprobación de saneo permite a ... • https://bugzilla.redhat.com/show_bug.cgi?id=1997961 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2021-38604 – Gentoo Linux Security Advisory 202208-24
https://notcve.org/view.php?id=CVE-2021-38604
12 Aug 2021 — In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vuln... • https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc • CWE-476: NULL Pointer Dereference •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 1CVE-2021-21781 – kernel: arm: SIGPAGE information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2021-21781
10 Aug 2021 — An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 Se presenta una vulnerabilidad de divulgación de información en la fun... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2021-37159 – kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
https://notcve.org/view.php?id=CVE-2021-37159
21 Jul 2021 — hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. la función hso_free_net_device en el archivo drivers/net/usb/hso.c en el kernel de Linux versiones hasta 5.13.4 llama a unregister_netdev sin comprobar el estado NETREG_REGISTERED, conllevando a un uso de memoria previamente liberada y un double free A flaw use-after-free in the Linux kernel USB High Speed Mob... • https://bugzilla.suse.com/show_bug.cgi?id=1188601 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3612 – kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
https://notcve.org/view.php?id=CVE-2021-3612
09 Jul 2021 — An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escritura en memoria fuera de límites en el kernel de Linux joystick devices subsystem en versiones ant... • https://bugzilla.redhat.com/show_bug.cgi?id=1974079 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 0CVE-2020-4788 – kernel: speculation on incompletely validated data on IBM Power9
https://notcve.org/view.php?id=CVE-2020-4788
20 Nov 2020 — IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. Los procesadores IBM Power9 (AIX versiones 7.1, 7.2 y VIOS versión 3.1), podrían permitir a un usuario local obtener información confidencial de los datos en la caché L1 en circunstancias atenuantes. IBM X-Force ID: 189296 A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data ... • http://www.openwall.com/lists/oss-security/2020/11/20/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-0404 – kernel: avoid cyclic entity chains due to malformed USB descriptors
https://notcve.org/view.php?id=CVE-2020-0404
17 Sep 2020 — In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel En la función uvc_scan_chain_forward del archivo uvc_driver.c, se presenta una posible corrupción de la lista enlazada debido a una causa raíz inu... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •