CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3673
https://notcve.org/view.php?id=CVE-2021-3673
A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS. Se ha encontrado una vulnerabilidad en Radare2 en versión 5.3.1. Una comprobación inapropiada de la entrada cuando es leído un binario LE diseñado puede conllevar a un agotamiento de los recursos y DoS • https://bugzilla.redhat.com/show_bug.cgi?id=1989130 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQIRJ72UALGMSWH6MYPVJQQLXFGZ23RS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIARALLVVY2362AYFSFULTZKIW6QO5R5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NFQPEPMLAOQNGZG5OHSPZBNONGG4DDJO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKGIB52R4XPCPNEW6GF56EHW7ST24IJU https:&#x • CWE-20: Improper Input Validation CWE-252: Unchecked Return Value •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34556
https://notcve.org/view.php?id=CVE-2021-34556
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. En el kernel de Linux versiones hasta 5.13.7, un programa BPF sin privilegios puede obtener información confidencial de la memoria del kernel por medio de un ataque de canal lateral Omisión de Almacenamiento Especulativo porque el mecanismo de protección no tiene en cuenta la posibilidad de ubicaciones de memoria no inicializadas en la pila BPF • http://www.openwall.com/lists/oss-security/2021/08/01/3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4 https://lists.fedoraproject.org/a • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-35477
https://notcve.org/view.php?id=CVE-2021-35477
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. En el kernel de Linux versiones 5.13.7, un programa BPF sin privilegios puede obtener información confidencial de la memoria del kernel por medio de un ataque de canal lateral de Omisión de Almacenamiento Especulativo porque una determinada operación de almacenamiento anticipada no ocurre necesariamente antes de una operación de almacenamiento que tiene un valor controlado por el atacante • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/565ZS55ZFEN62WVRRORT7R63RXW5F4T4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6JKK6XNRZX5BT5QV • CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37746
https://notcve.org/view.php?id=CVE-2021-37746
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36386 – fetchmail: DoS or information disclosure when logging long messages
https://notcve.org/view.php?id=CVE-2021-36386
report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. Una función report_vbuild en el archivo report.c en Fetchmail versiones anteriores a 6.4.20, a veces omite la inicialización del argumento vsnprintf va_list, lo que podría permitir a servidores de correo causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de largos mensajes de error. NOTA: no está claro si el uso de Fetchmail en cualquier plataforma realista presenta un impacto más allá de un inconveniente para el usuario cliente A flaw was found in fetchmail. The flaw lies in how fetchmail when running in verbose mode using the -v flag tries to log long messages that are created from long headers. • http://www.openwall.com/lists/oss-security/2021/07/28/5 http://www.openwall.com/lists/oss-security/2021/08/09/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGYO5AHSXTCKA4NQC2Z4H3XMMYNAGC77 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIXKO6QW3AUHGJVWKJXBCOVBYJUJRBFC https://security.gentoo.org/glsa/202209-14 https://www.fetchmail.info/fetchmail-SA-2021-01.txt https://www.fetchmail.info/security.html https:/ • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •