Page 45 of 1215 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-37621 – Denial of service due to infinite loop in Image::printIFDStructure

https://notcve.org/view.php?id=CVE-2021-37621

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). • https://github.com/Exiv2/exiv2/pull/1778 https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.9EPSS: 1%CPEs: 9EXPL: 0

CVE-2021-36221 – golang: net/http/httputil: panic due to racy read of persistConn after handler panic

https://notcve.org/view.php?id=CVE-2021-36221

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. Go versiones anteriores a 1.15.15 y 1.16.x versiones anteriores a 1.16.7, presenta una condición de carrera que puede conllevar un pánico de net/http/httputil ReverseProxy al abortar ErrAbortHandler A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability. • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf https://groups.google.com/forum/#%21forum/golang-announce https://groups.google.com/g/golang-announce/c/JvWG9FUUYT0 https://groups.google.com/g/golang-announce/c/uHACNfXAZqk https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://lists.fedoraproject.org/archives/list/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-38166

https://notcve.org/view.php?id=CVE-2021-38166

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability. En el archivo kernel/bpf/hashtab.c en el kernel de Linux versiones hasta 5.13.8, se presenta un desbordamiento de enteros y una escritura fuera de límites cuando son colocados muchos elementos en un solo cubo. NOTA: una explotación puede ser poco práctica sin la capacidad CAP_SYS_ADMIN • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUVLBJKZMWA3E3YXSH4SZ7BOYGJP4GXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UL6CH5M5PRLMA3KPBX4LPUO6Z73GRISO https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu%40gmail.com https://security.netapp.com/advisory/ntap-20210909-0001 https://www.debian.org/security/2021/ • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-38165 – lynx: Disclosure of HTTP authentication credentials via SNI data

https://notcve.org/view.php?id=CVE-2021-38165

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication (SNI) TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication credentials to attackers able to eavesdrop on network connection between the lynx browser and the server. • http://www.openwall.com/lists/oss-security/2021/08/07/11 http://www.openwall.com/lists/oss-security/2021/08/07/12 http://www.openwall.com/lists/oss-security/2021/08/07/9 https://bugs.debian.org/991971 https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118 https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW • CWE-522: Insufficiently Protected Credentials •

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 1

CVE-2021-22922 – curl: Content not matching hash in Metalink is not being discarded

https://notcve.org/view.php?id=CVE-2021-22922

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. Cuando es instruido a curl descargar un contenido usando la funcionalidad metalink, el contenido es comprobado con un hash proporcionado en el archivo XML metalink. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1213175 https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cuser • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions CWE-840: Business Logic Errors •