Page 52 of 1215 results (0.016 seconds)

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-32610 – php-pear: Directory traversal vulnerability

https://notcve.org/view.php?id=CVE-2021-32610

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. En Archive_Tar versiones anteriores a 1.4.14, los enlaces simbólicos pueden referirse a objetivos fuera del archivo extraído, una vulnerabilidad diferente a CVE-2020-36193 • https://github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755 https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f https://github.com/pear/Archive_Tar/releases/tag/1.4.14 https://lists.debian.org/debian-lts-announce/2021/07/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS https:/& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

CVE-2021-37576 – kernel: powerpc: KVM guest OS users can cause host OS memory corruption

https://notcve.org/view.php?id=CVE-2021-37576

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. El archivo arch/powerpc/kvm/book3s_rtas.c en el kernel de Linux versiones hasta 5.13.5, en la plataforma powerpc permite a usuarios del Sistema Operativo invitado de KVM causar una corrupción en la memoria del Sistema Operativo host por medio de rtas_args.nargs, también se conoce como CID-f62f3c20647e A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/07/27/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDFA7DSQIPM7XPNXJBXFWXHJFVUBCAG6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2YZ2DNURMYYVDT2NYAFDESJC35KCUDS https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u https://security.n • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1

CVE-2021-31292 – exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS

https://notcve.org/view.php?id=CVE-2021-31292

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. Un desbordamiento de enteros en la función CrwMap::encode0x1810 de Exiv2 versión 0.27.3 permite a atacantes desencadenar un desbordamiento del búfer en la región heap de la memoria y causar una denegación de servicio (DOS) por medio de metadatos diseñados A flaw was found in exiv2. A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service availability. • https://github.com/Exiv2/exiv2/issues/1530 https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FMDT4PJB7P43WSOM3TRQIY3J33BAFVVE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYGDELIFFJWKUU7SO3QATCIXCZJERGAC https://security.gentoo.org/glsa/202312-06 https://www.debian.org/security/2021/dsa-4958 https://access.redhat.com/security/cve/CVE-2021-31292 https:/&#x • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •

CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-32791 – Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc

https://notcve.org/view.php?id=CVE-2021-32791

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un OpenID Connect Provider. En mod_auth_openidc versiones anteriores a 2.4.9, el cifrado AES GCM en mod_auth_openidc usa un IV estático y un AAD. • https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9 https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-32792 – XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc

https://notcve.org/view.php?id=CVE-2021-32792

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. mod_auth_openidc es un módulo de autenticación/autorización para el servidor HTTP Apache versión 2.x que funciona como OpenID Connect Relying Party, autenticando a usuarios contra un proveedor de OpenID Connect. En mod_auth_openidc versiones anteriores a 2.4.9, se presenta una vulnerabilidad de tipo XSS cuando se usa el parámetro "OIDCPreservePost On" A flaw was found in mod_auth_openidc. When mod_auth_openidc is configured with `OIDCPreservePost On` it is possible to trigger a cross site scripting(XSS) vulnerability that could be used by a remote attacker to execute code on the browser of the victim user. The highest threat from this flaw is to data confidentiality and integrity. • https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 https://github.com/zmartzone/mod_auth_openidc/releases/tag/v2.4.9 https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j https://lists.debian.org/debian-lts-announce/2023/04/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZVF6BSJLRQZ7PFFR4X5JSU6KUJYNOCU https • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •