CVE-2021-31799 – rubygem-rdoc: Command injection vulnerability in RDoc
https://notcve.org/view.php?id=CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. En RDoc versiones 3.11 hasta 6.x versiones anteriores a 6.3.1, como se distribuye con Ruby versiones hasta 3.0.1, es posible ejecutar código arbitrario por medio de | y etiquetas en un nombre de archivo An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. • https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html https://security-tracker.debian.org/tracker/CVE-2021-31799 https://security.gentoo.org/glsa/202401-05 https://security.netapp.com/advisory/ntap-20210902-0004 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc https://access.redhat.com/security/cve/CVE-2021-31799 https://bugzilla.redhat.com/show_bug.cgi?id=1980132 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-37159 – kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
https://notcve.org/view.php?id=CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. la función hso_free_net_device en el archivo drivers/net/usb/hso.c en el kernel de Linux versiones hasta 5.13.4 llama a unregister_netdev sin comprobar el estado NETREG_REGISTERED, conllevando a un uso de memoria previamente liberada y un double free A flaw use-after-free in the Linux kernel USB High Speed Mobile Devices functionality was found in the way user detaches USB device. A local user could use this flaw to crash the system or escalate their privileges on the system. • https://bugzilla.suse.com/show_bug.cgi?id=1188601 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20210819-0003 https://www.oracle.com/security-al • CWE-415: Double Free CWE-416: Use After Free •
CVE-2021-2388 – OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
https://notcve.org/view.php?id=CVE-2021-2388
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://security.gentoo.org/glsa/202209-05 https://security.netapp.com/advisory/ntap-20210723-0002 https://www.debian.org/security/2021/dsa-4946 https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-2388 https://bugzilla.redhat.com/show_bug.cgi?id=1983075 • CWE-697: Incorrect Comparison •
CVE-2021-2341 – OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
https://notcve.org/view.php?id=CVE-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. • https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TTUHVQF2MGUTP6GTCXLZS4GXK3XUWC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N57OFX5EJKHHDW4WAOBZFWA5CL4VIIK5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PJJ75FHSUZGWPV4UJTSMQHWLOQ77LHTG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTRQIXB52KIXUAO6JBYUKYWX • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-33909 – kernel: size_t-to-int conversion vulnerability in the filesystem layer
https://notcve.org/view.php?id=CVE-2021-33909
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Un archivo fs/seq_file.c en el kernel de Linux versiones 3.16 hasta 5.13.x anteriores a 5.13.4, no restringe apropiadamente las asignaciones de búferes seq, conllevando a un desbordamiento de enteros, una escritura fuera de límites y una escalada a root por parte de un usuario no privilegiado, también se conoce como CID-8cae8cd89f05 An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. • https://github.com/Liang2580/CVE-2021-33909 https://github.com/ChrisTheCoolHut/CVE-2021-33909 https://github.com/bbinfosec43/CVE-2021-33909 http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •