CVSS: 9.1EPSS: 2%CPEs: 7EXPL: 0CVE-2021-35942 – glibc: Arbitrary read in wordexp()
https://notcve.org/view.php?id=CVE-2021-35942
22 Jul 2021 — The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. La función wordexp de la biblioteca GNU C (también se conoce como glibc) versiones hasta 2.33, puede bloquearse o leer memoria arbitraria en la función... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 93%CPEs: 22EXPL: 4CVE-2021-34429 – Eclipse Jetty 11.0.5 - Sensitive File Disclosure
https://notcve.org/view.php?id=CVE-2021-34429
15 Jul 2021 — For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser diseñados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas r... • https://packetstorm.news/files/id/180705 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 3.6EPSS: 0%CPEs: 19EXPL: 1CVE-2021-34428 – jetty: SessionListener can prevent a session from being invalidated breaking logout
https://notcve.org/view.php?id=CVE-2021-34428
22 Jun 2021 — For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Para Eclipse Jetty versiones anteriores a 9.4.40 incluyéndola, versiones anteriores a 10.0.2 incluyéndola, versio... • https://github.com/Trinadh465/jetty_9.4.31_CVE-2021-34428 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26993
https://notcve.org/view.php?id=CVE-2021-26993
11 Jun 2021 — E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. E-Series SANtricity OS Controller Software versiones 11.x anteriores a versión 11.70.1, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría permitir a un atacante remoto causar una denegación de servicio (DoS) parcial en el servidor web • https://security.netapp.com/advisory/NTAP-20210610-0001 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-26995
https://notcve.org/view.php?id=CVE-2021-26995
11 Jun 2021 — E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. E-Series SANtricity OS Controller Software versiones 11.x anteriores a versión 11.70.1, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría permitir a atacantes con privilegios ejecutar código arbitrario • https://security.netapp.com/advisory/NTAP-20210610-0002 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26996
https://notcve.org/view.php?id=CVE-2021-26996
11 Jun 2021 — E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks. E-Series SANtricity OS Controller Software versiones 11.x anteriores a 11.70.1, son susceptibles de una vulnerabilidad que, cuando se explota con éxito, podría permitir a un atacante remoto detectar información de configuración de... • https://security.netapp.com/advisory/NTAP-20210610-0003 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26997
https://notcve.org/view.php?id=CVE-2021-26997
11 Jun 2021 — E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging which may aid in crafting more complex attacks. E-Series SANtricity OS Controller Software versiones 11.x anteriores a versión 11.70.1, son susceptibles a una vulnerabilidad que, si se explota con éxito, podría permitir a un atacante remoto detectar información por medio de mensajes de error qu... • https://security.netapp.com/advisory/NTAP-20210610-0004 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 1CVE-2021-33574 – glibc: mq_notify does not handle separately allocated thread attributes
https://notcve.org/view.php?id=CVE-2021-33574
25 May 2021 — The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. La función mq_notify de la Biblioteca C de GNU (también conocida como glibc) versiones 2.32 y 2.33 tiene un use-after-free. Puede utilizar el objeto de atributos del hilo de notificac... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
19 May 2021 — There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcion... • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2021-3522 – Ubuntu Security Notice USN-4959-1
https://notcve.org/view.php?id=CVE-2021-3522
18 May 2021 — GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags. GStreamer versiones anteriores a 1.18.4, puede llevar a cabo una lectura fuera de límites al manejar determinadas etiquetas ID3v2 Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution. Versions less than 1.16.3 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1954761 • CWE-125: Out-of-bounds Read •