CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3466
https://notcve.org/view.php?id=CVE-2021-3466
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. Se ha encontrado un fallo en libmicrohttpd. • https://bugzilla.redhat.com/show_bug.cgi?id=1939127 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG https://security.gentoo.org/glsa/202311-08 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28968
https://notcve.org/view.php?id=CVE-2021-28968
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. Se detectó un problema en PunBB versiones anteriores a 1.4.6. Una vulnerabilidad de tipo XSS en la etiqueta [email] BBcode permite (con autenticación) inyectar JavaScript arbitrario en cualquier mensaje del foro • https://punbb.informer.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3418
https://notcve.org/view.php?id=CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. Si los certificados que firmaron grub están instalados en db, grub puede ser arrancado directamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1933757 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20232 – gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c
https://notcve.org/view.php?id=CVE-2021-20232
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en la función client_send_params en la biblioteca lib/ext/pre_shared_key.c puede conllevar a una corrupción en la memoria y otras potenciales consecuencias A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922275 https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E https://lists.apach • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2021-20231 – gnutls: Use after free in client key_share extension
https://notcve.org/view.php?id=CVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. Se encontró un defecto en gnutls. Un uso de la memoria previamente liberada en el cliente que envía la extensión key_share puede conllevar a una corrupción de la memoria y otras consecuencias A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=1922276 https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779%40%3Cissues.spark.apache.org%3E https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7%40%3Cissues.spark.apache.org%3E https://lists.apach • CWE-416: Use After Free •