CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-3772 – kernel: sctp: Invalid chunks may be used to remotely remove existing associations
https://notcve.org/view.php?id=CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacante puede enviar paquetes con direcciones IP falsas • https://bugzilla.redhat.com/show_bug.cgi?id=2000694 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20221007-0001 https://ubuntu.com/security/CVE-2021-3772 https://www.debian.org/security/2022/dsa-5096 https://www.oracle.com/security-alerts/cp • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-4019 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-4019
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la Memoria A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW https://lists.fedoraproject.org/archives/list/package-announce% • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3984 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3984
vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la Memoria A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P https://security.gentoo.org/glsa/202208-32 https://acc • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 0CVE-2021-44143
https://notcve.org/view.php?id=CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. Se ha encontrado un fallo en mbsync en isync versiones 1.4.0 hasta 1.4.3. Debido a una condición no comprobada, un servidor IMAP malicioso o comprometido podría usar un mensaje de correo diseñado que carece de encabezados (es decir, uno que comienza con una línea vacía) para provocar un desbordamiento de la pila, que podría ser explotado para una ejecución de código remota • http://www.openwall.com/lists/oss-security/2021/12/03/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CYZ2GNB4ZO2T27D2XNUWMCS3THZYSJQU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCBSY7OZ57XNC6ZYXF6WU5KBSWITZVDX https://security.gentoo.org/glsa/202208-15 https://sourceforge.net/p/isync/isync/commit_browser https://sourceforge.net/p/isync/isync/ref/master/ta • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-39923
https://notcve.org/view.php?id=CVE-2021-39923
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file Un gran bucle en el disector PNRP en Wireshark versiones 3.4.0 a 3.4.9 y versiones 3.2.0 a 3.2.17 permite la denegación de servicio a través de la inyección de paquetes o un archivo de captura manipulado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json https://gitlab.com/wireshark/wireshark/-/issues/17684 https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html https://www.debian.org/security/2021/dsa-5019 https://www.wireshark.org/security/wnpa-sec-2021-11.html • CWE-834: Excessive Iteration •