
CVE-2021-3632 – keycloak: Anyone can register a new device when there is no device registered for passwordless login
https://notcve.org/view.php?id=CVE-2021-3632
14 Sep 2021 — A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. Red Hat Single Sign-On 7.4 is a ... • https://access.redhat.com/security/cve/CVE-2021-3632 • CWE-287: Improper Authentication •

CVE-2021-3746 – openSUSE Security Advisory - openSUSE-SU-2021:3004-1
https://notcve.org/view.php?id=CVE-2021-3746
09 Sep 2021 — A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. ... • https://bugzilla.redhat.com/show_bug.cgi?id=1998588 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
09 Sep 2021 — A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the en... • https://github.com/rami08448/CVE-2021-3656-Demo • CWE-862: Missing Authorization •

CVE-2021-3597 – undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
https://notcve.org/view.php?id=CVE-2021-3597
08 Sep 2021 — A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. • https://bugzilla.redhat.com/show_bug.cgi?id=1970930 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2021-39251 – ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open()
https://notcve.org/view.php?id=CVE-2021-39251
07 Sep 2021 — A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. The ntfs3g package is susceptible to an input validation attack. When processing a crafted NTFS image there is an improper check. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Kernel-based... • http://www.openwall.com/lists/oss-security/2021/08/30/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •

CVE-2021-33285 – ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of bytes_in_use value in MFT records
https://notcve.org/view.php?id=CVE-2021-33285
07 Sep 2021 — In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bounds buffer access which can be triggered by mounting a crafted NTFS partition. The root cause is a missing consistency check after reading an MFT record: the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing... • http://www.openwall.com/lists/oss-security/2021/08/30/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVE-2021-3622 – hivex: stack overflow due to recursive call of _get_children()
https://notcve.org/view.php?id=CVE-2021-3622
31 Aug 2021 — A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. ... • https://bugzilla.redhat.com/show_bug.cgi?id=1975489 • CWE-400: Uncontrolled Resource Consumption •

CVE-2021-40153 – squashfs-tools: unvalidated filepaths allow writing outside of destination
https://notcve.org/view.php?id=CVE-2021-40153
27 Aug 2021 — squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. ... • https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2021-3634 – libssh: possible heap-based buffer overflow when rekeying
https://notcve.org/view.php?id=CVE-2021-3634
26 Aug 2021 — A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers had a shared length variable, which worked as long as these buffers were the same. • https://bugzilla.redhat.com/show_bug.cgi?id=1978810 • CWE-787: Out-of-bounds Write •

CVE-2021-3667 – libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
https://notcve.org/view.php?id=CVE-2021-3667
23 Aug 2021 — An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to s... • https://bugzilla.redhat.com/show_bug.cgi?id=1986094 • CWE-667: Improper Locking •