CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2021-3629 – undertow: potential security issue in flow control over HTTP/2 may lead to DOS
https://notcve.org/view.php?id=CVE-2021-3629
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. Se ha encontrado un fallo en Undertow. • https://bugzilla.redhat.com/show_bug.cgi?id=1977362 https://security.netapp.com/advisory/ntap-20220729-0008 https://access.redhat.com/security/cve/CVE-2021-3629 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2021-43618 – gmp: Integer overflow and resultant buffer overflow via crafted input
https://notcve.org/view.php?id=CVE-2021-43618
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. GNU Multiple Precision Arithmetic Library (GMP) versiones hasta 6.2.1, presenta un desbordamiento de enteros mpz/inp_raw.c y un desbordamiento de búfer resultante por medio de una entrada diseñada, conllevando a un fallo de segmentación en plataformas de 32 bits A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2022/Oct/8 http://www.openwall.com/lists/oss-security/2022/10/13/3 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html https://security.gentoo.org/glsa/202309-13 https://security.netapp.com/advisory/ntap-20221111-0001 https://access.redhat.com/security/cve/CVE-2021-43618&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3800 – glib2: Possible privilege escalation thourgh pkexec and aliases
https://notcve.org/view.php?id=CVE-2021-3800
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. Se ha encontrado un fallo en glib versiones anteriores a 2.63.6. Debido a los alias de conjuntos de caracteres aleatorios, pkexec puede filtrar el contenido de los archivos propiedad de usuarios con privilegios a los que no los presentan bajo la condición apropiada. • https://access.redhat.com/security/cve/CVE-2021-3800 https://bugzilla.redhat.com/show_bug.cgi?id=1938284 https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995 https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html https://security.netapp.com/advisory/ntap-20221028-0004 https://www.openwall.com/lists/oss-security/2017/06/23/8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2021-22096 – springframework: malicious input leads to insertion of additional log entries
https://notcve.org/view.php?id=CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. En Spring Framework versiones 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, y en versiones anteriores no soportadas, es posible para un usuario proporcionar una entrada maliciosa para causar una inserción de entradas de registro adicionales • https://security.netapp.com/advisory/ntap-20211125-0005 https://tanzu.vmware.com/security/cve-2021-22096 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2021-22096 https://bugzilla.redhat.com/show_bug.cgi?id=2034584 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0CVE-2021-35621 – Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35621
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. • https://security.netapp.com/advisory/ntap-20211022-0003 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.zerodayinitiative.com/advisories/ZDI-21-1232 •