CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39259 – ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length
https://notcve.org/view.php?id=CVE-2021-39259
07 Sep 2021 — A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede desencadenar un acceso fuera de límites, causado por una longitud de atributo no saneada en la función ntfs_inode_lookup_by_name, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to ... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39260 – ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information()
https://notcve.org/view.php?id=CVE-2021-39260
07 Sep 2021 — A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un acceso fuera de límites en la función ntfs_inode_sync_standard_information en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentia... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39261 – ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite()
https://notcve.org/view.php?id=CVE-2021-39261
07 Sep 2021 — A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un desbordamiento del búfer en la región heap de la memoria en la función ntfs_compressed_pwrite en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to c... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39262 – ntfs-3g: Out-of-bounds access in ntfs_decompress()
https://notcve.org/view.php?id=CVE-2021-39262
07 Sep 2021 — A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede causar un acceso fuera de límites en la función ntfs_decompress en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availab... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39263 – ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute
https://notcve.org/view.php?id=CVE-2021-39263
07 Sep 2021 — A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. Una imagen NTFS diseñada puede desencadenar un desbordamiento del búfer basado en la pila, causado por un atributo no saneado en la función ntfs_get_attribute_value, en NTFS-3G versiones anteriores a 2021.8.22 The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading t... • https://github.com/tuxera/ntfs-3g/releases • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 0CVE-2021-40490 – Ubuntu Security Notice USN-5116-1
https://notcve.org/view.php?id=CVE-2021-40490
03 Sep 2021 — A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Se ha detectado una condición de carrera en la función ext4_write_inline_data_end en el archivo fs/ext4/inline.c en el subsistema ext4 en el kernel de Linux versiones hasta 5.13.13 It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager ... • https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aa • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33582 – cyrus-imapd: Denial of service via string hashing algorithm collisions
https://notcve.org/view.php?id=CVE-2021-33582
01 Sep 2021 — Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. Cyrus IMAP versiones anteriores a 3.4.2, permite a atacantes remotos causar una denegación de servicio (cuelgue del demonio de varios minutos) por medio de una entrada manejada inapropiadamente durante la interacción de la ta... • https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 1CVE-2021-40085 – openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
https://notcve.org/view.php?id=CVE-2021-40085
31 Aug 2021 — An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. Se ha detectado un problema en OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.2.1 y 18.x versiones anteriores a 18.1.1. Unos atacantes autenticados pueden reconfigurar dnsmasq por medio de un valor extra_dhcp_opts diseñado An input-validation flaw was found in openstack-neutron, where an a... • http://www.openwall.com/lists/oss-security/2021/08/31/2 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 1CVE-2021-40153 – squashfs-tools: unvalidated filepaths allow writing outside of destination
https://notcve.org/view.php?id=CVE-2021-40153
27 Aug 2021 — squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. La función squashfs_opendir en el archivo unsquash-1.c en Squashfs-Tools versión 4.5, almacena el nombre del archivo en la entrada del directorio; esto es entonces usado por unsquashfs para ... • https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 1CVE-2020-23226
https://notcve.org/view.php?id=CVE-2020-23226
27 Aug 2021 — Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. Se presentan múltiples vulnerabilidades de tipo Cross Site Scripting (XSS) en Cacti versión 1.2.12, en los archivos (1) reports_admin.php, (2) data_queries.php, (3) datat.ph_inpup, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, y (7) data_input.php • https://github.com/Cacti/cacti/issues/3549 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •