CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43056 – kernel: ppc: kvm: allows a malicious KVM guest to crash the host
https://notcve.org/view.php?id=CVE-2021-43056
28 Oct 2021 — An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. Se ha detectado un problema en el kernel de Linux para powerpc versiones anteriores a 5.14.15. Permite que un invitado KVM malicioso bloquee el host, cuando éste es ejecutado en Power8, debido a un error de implementación de arch/powerpc/k... • http://www.openwall.com/lists/oss-security/2021/10/28/1 • CWE-252: Unchecked Return Value •
CVSS: 5.3EPSS: 0%CPEs: 51EXPL: 0CVE-2021-25219 – Lame cache can be abused to severely degrade resolver performance
https://notcve.org/view.php?id=CVE-2021-25219
27 Oct 2021 — In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant d... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-3903 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-3903
27 Oct 2021 — vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 ESM. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2022/01/15/1 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 39%CPEs: 72EXPL: 1CVE-2021-41182 – XSS in the `altField` option of the Datepicker widget
https://notcve.org/view.php?id=CVE-2021-41182
26 Oct 2021 — jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources. jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. • https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 2%CPEs: 54EXPL: 1CVE-2021-41183 – XSS in `*Text` options of the Datepicker widget
https://notcve.org/view.php?id=CVE-2021-41183
26 Oct 2021 — jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. • https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 46%CPEs: 53EXPL: 1CVE-2021-41184 – XSS in the `of` option of the `.position()` util
https://notcve.org/view.php?id=CVE-2021-41184
26 Oct 2021 — jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources. jQuery-UI es la biblioteca oficial de interfaz de usuario de jQuery. • https://github.com/gabrielolivra/Exploit-Medium-CVE-2021-41184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2021-21703 – PHP-FPM memory access in root process leading to privilege escalation
https://notcve.org/view.php?id=CVE-2021-21703
25 Oct 2021 — In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root us... • http://www.openwall.com/lists/oss-security/2021/10/26/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 2CVE-2021-42716 – Gentoo Linux Security Advisory 202409-15
https://notcve.org/view.php?id=CVE-2021-42716
21 Oct 2021 — An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location. Se ha detectado un problema en stb stb_image.h versión 2.27. El cargador de PNM interpretaba incorrectamente los archivos P... • https://github.com/nothings/stb/issues/1166 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-42715 – Gentoo Linux Security Advisory 202409-15
https://notcve.org/view.php?id=CVE-2021-42715
21 Oct 2021 — An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files. Se ha detectado un problema en stb stb_image.h versiones 1.33 hasta 2.27. El cargador HDR analizaba líneas de exploración RLE truncadas al final del archivo como una secuencia infinita de ejecuciones de longitud cero. • https://github.com/nothings/stb/issues/1224 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-41160 – Improper region checks in FreeRDP allow out of bound write to memory
https://notcve.org/view.php?id=CVE-2021-41160
21 Oct 2021 — FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) ... • https://github.com/Jajangjaman/CVE-2021-41160 • CWE-787: Out-of-bounds Write •