CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-21900
https://notcve.org/view.php?id=CVE-2021-21900
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dxfRW::processLType() de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dxf especialmente diseñado puede conllevar a una vulnerabilidad de uso de memoria previamente liberada. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351 https://www.debian.org/security/2022/dsa-5077 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 1CVE-2021-39922
https://notcve.org/view.php?id=CVE-2021-39922
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file Desbordamiento del búfer en el disector C12.22 en Wireshark versiones 3.4.0 a 3.4.9 y 3.2.0 a 3.2.17, permite una denegación de servicio por medio de una inyección de paquetes o archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39922.json https://gitlab.com/wireshark/wireshark/-/issues/17636 https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH https://security.gentoo.org/glsa/202210-04 https://www.debian.o • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-39929
https://notcve.org/view.php?id=CVE-2021-39929
Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file Una recursión no controlada en el disector DHT de Bluetooth en Wireshark versiones 3.4.0 a 3.4.9 y 3.2.0 a 3.2.17, permite una denegación de servicio por medio de una inyección de paquetes o un archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39929.json https://gitlab.com/wireshark/wireshark/-/issues/17651 https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH https://security.gentoo.org/glsa/202210-04 https://www.debian.o • CWE-674: Uncontrolled Recursion •
CVSS: 6.7EPSS: 0%CPEs: 20EXPL: 1CVE-2021-43975 – kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
https://notcve.org/view.php?id=CVE-2021-43975
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. En el kernel de Linux versiones hasta 5.15.2, la función hw_atl_utils_fw_rpc_wait en el archivo drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c permite a un atacante (que puede introducir un dispositivo diseñado) desencadenar una escritura fuera de límites por medio de un valor de longitud diseñado An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T https&# • CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0CVE-2021-43976 – kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
https://notcve.org/view.php?id=CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). En el kernel de Linux versiones hasta 5.15.2, la función mwifiex_usb_recv en el archivo drivers/net/wireless/marvell/mwifiex/usb.c permite a un atacante (que puede conectar un dispositivo USB diseñado) causar una denegación de servicio (skb_over_panic) A denial of service flaw was found in mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c in the usb subsystem of the Linux kernel. This is due to a missing clean-up for a malfunctioning usb device with an unknown recv_type. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04d80663f67ccef893061b49ec8a42ff7045ae84 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD https://patchwork.kernel.org/projec • CWE-459: Incomplete Cleanup •