CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27345
https://notcve.org/view.php?id=CVE-2021-27345
10 Jun 2021 — A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. Se detectó una desviación de puntero null en la función ucompthread en el archivo stream.c en Irzip versión 0.631 que permite a atacantes causar una denegación de servicio (DOS) por medio de un archivo comprimido diseñado • https://github.com/ckolivas/lrzip/issues/164 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-25467 – Ubuntu Security Notice USN-5840-1
https://notcve.org/view.php?id=CVE-2020-25467
10 Jun 2021 — A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. Se detectó una desviación de puntero null en la función lzo_decompress_buf en el archivo stream.c en Irzip versión 0.621 que permite a un atacante causar una denegación de servicio (DOS) por medio de un archivo comprimido diseñado It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system w... • https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27347
https://notcve.org/view.php?id=CVE-2021-27347
10 Jun 2021 — Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. Un uso de memoria previamente liberada en la función lzma_decompress_buf en el archivo stream.c en Irzip versión 0.631 permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo comprimido diseñado • https://github.com/ckolivas/lrzip/issues/165 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 24%CPEs: 10EXPL: 0CVE-2021-30641 – Unexpected URL matching with 'MergeSlashes OFF'
https://notcve.org/view.php?id=CVE-2021-30641
10 Jun 2021 — Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' Apache HTTP Server versiones 2.4.39 a 2.4.46. Un Comportamiento inesperado de coincidencia con el parámetro "MergeSlashes OFF" A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 49%CPEs: 12EXPL: 0CVE-2021-26691 – Apache HTTP Server mod_session response handling heap overflow
https://notcve.org/view.php?id=CVE-2021-26691
10 Jun 2021 — In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow Apache HTTP Server versiones 2.4.0 a 2.4.46 , un parámetro SessionHeader especialmente diseñado enviado por un servidor de origen podría causar un desbordamiento de pila A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBo... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 54%CPEs: 10EXPL: 3CVE-2021-26690 – mod_session NULL pointer dereference
https://notcve.org/view.php?id=CVE-2021-26690
10 Jun 2021 — Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service Apache HTTP Server versiones 2.4.0 a 2.4.46, un encabezado de Cookie especialmente diseñado y gestionado por la función mod_session puede causar una desviación del puntero NULL y un fallo, lo que puede causar una denegación de servicio A NULL pointer dereference was found in Apache httpd mod_session. The highest threat fr... • https://github.com/7own/CVE-2021-26690---Apache-mod_session • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 17%CPEs: 10EXPL: 0CVE-2020-13950 – mod_proxy_http NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-13950
10 Jun 2021 — Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service Apache HTTP Server versiones 2.4.41 a 2.4.46 la función mod_proxy_http puede bloquearse (desviación del puntero NULL) con peticiones especialmente diseñadas que utilicen las encabezados Content-Length y Transfer-Encoding, provocando una denegación de servicio A flaw was found In Apac... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.3EPSS: 6%CPEs: 10EXPL: 0CVE-2020-35452 – mod_auth_digest possible stack overflow by one nul byte
https://notcve.org/view.php?id=CVE-2020-35452
10 Jun 2021 — Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow Apache HTTP Server versiones 2.4.0 a 2.4.46 Un Digest nonce especialmente diseñado puede causa... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2021-0129 – kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
https://notcve.org/view.php?id=CVE-2021-0129
09 Jun 2021 — Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Un control de acceso inapropiado en BlueZ puede permitir a un usuario autenticado permitir potencialmente una divulgación de información por medio de un acceso adyacente A flaw was found in the Linux kernel. Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. The highest threat from this vulnerability... • https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33833 – Gentoo Linux Security Advisory 202107-29
https://notcve.org/view.php?id=CVE-2021-33833
09 Jun 2021 — ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). ConnMan (también se conoce como Connection Manager) versiones 1.30 hasta 1.39, presenta un desbordamiento del búfer en la región stack de la memoria en el parámetro uncompress en el archivo dnsproxy.c por medio de NAME, RDATA o RDLENGTH (para A o AAAA) A buffer overflow in ConnMan might allow remote attacker(s) to execute arbitrary code. Versions less... • http://www.openwall.com/lists/oss-security/2021/06/09/1 • CWE-787: Out-of-bounds Write •