Page 4 of 26 results (0.007 seconds)

CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0

CVE-2021-3712 – Read buffer overruns processing ASN.1 strings

https://notcve.org/view.php?id=CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r18995de860f0e63635f3008f • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 1

CVE-2021-38604

https://notcve.org/view.php?id=CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vulnerabilidad se introdujo como efecto secundario de la corrección de CVE-2021-33574 • https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP https://security.gentoo.org/glsa/202208-24 https://security.netapp.com/advisory/ntap-20210909-0005 https://sourceware.org/bugzilla/show_bug.cgi?id=28213 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641 https://sourceware.org/git/?p=glibc.git%3Ba&# • CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 47%CPEs: 22EXPL: 3

CVE-2021-34429 – Eclipse Jetty 11.0.5 - Sensitive File Disclosure

https://notcve.org/view.php?id=CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser diseñados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variación de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5 • https://www.exploit-db.com/exploits/50478 https://github.com/ColdFusionX/CVE-2021-34429 https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-33880

https://notcve.org/view.php?id=CVE-2021-33880

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack. La biblioteca aaugustin websockets versiones anteriores a 9.1, para Python presenta una Discrepancia de Sincronización Observable en servidores cuando la Autenticación Básica HTTP está habilitada con basic_auth_protocol_factory(credentials=...). Un atacante puede ser capaz de adivinar una contraseña por medio de un ataque de sincronización • https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html • CWE-203: Observable Discrepancy •

CVSS: 7.8EPSS: 0%CPEs: 49EXPL: 0

CVE-2021-22118 – spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application

https://notcve.org/view.php?id=CVE-2021-22118

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. En Spring Framework, versiones 5.2.x anteriores a 5.2.15 y versiones 5.3.x anteriores a 5.3.7, una aplicación WebFlux es vulnerable a una escalada de privilegios: al (re)crear el directorio de almacenamiento temporal, un usuario malicioso autenticado localmente puede leer o modificar archivos que han sido subidos a la aplicación WebFlux, o sobrescribir archivos arbitrarios con petición de datos de múltiples partes • https://security.netapp.com/advisory/ntap-20210713-0005 https://tanzu.vmware.com/security/cve-2021-22118 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-22118 https://bugzilla.redhat.com/show_bug.cgi?id=1974854 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-668: Exposure of Resource to Wrong Sphere •