CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2021-32803 – Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
https://notcve.org/view.php?id=CVE-2021-32803
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw https://www.npmjs.com/advisories/1771 https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-32803 https://bugzilla.redhat.com/show_bug.cgi?id=1990415 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-2388 – OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
https://notcve.org/view.php?id=CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://security.gentoo.org/glsa/202209-05 https://security.netapp.com/advisory/ntap-20210723-0002 https://www.debian.org/security/2021/dsa-4946 https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-2388 https://bugzilla.redhat.com/show_bug.cgi?id=1983075 • CWE-697: Incorrect Comparison •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-2341 – OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
https://notcve.org/view.php?id=CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TTUHVQF2MGUTP6GTCXLZS4GXK3XUWC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N57OFX5EJKHHDW4WAOBZFWA5CL4VIIK5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJJ75FHSUZGWPV4UJTSMQHWLOQ77LHTG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTRQIXB52KIXUAO6JBYUKYWX • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-2369 – OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
https://notcve.org/view.php?id=CVE-2021-2369
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. • https://bugzilla.redhat.com/show_bug.cgi?id=1982879 https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://security.gentoo.org/glsa/202209-05 https://security.netapp.com/advisory/ntap-20210723-0002 https://www.debian.org/security/2021/dsa-4946 https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-2369 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 2CVE-2021-29921 – python-ipaddress: Improper input validation of octal strings
https://notcve.org/view.php?id=CVE-2021-29921
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. En Python antes de la versiones 3,9,5, la biblioteca ipaddress maneja mal los caracteres cero iniciales en los octetos de una cadena de direcciones IP. Esto (en algunas situaciones) permite a los atacantes eludir el control de acceso que se basa en las direcciones IP A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. • https://bugs.python.org/issue36384 https://docs.python.org/3/library/ipaddress.html https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst https://github.com/python/cpython/pull/12577 https://github.com/python/cpython/pull/25099 https://github.com/sickcodes https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html https://security.gentoo.org/gl • CWE-20: Improper Input Validation •