Page 56 of 765 results (0.014 seconds)

CVSS: 8.1EPSS: 10%CPEs: 40EXPL: 2

CVE-2021-22901 – curl: Use-after-free in TLS session handling when using OpenSSL TLS backend

https://notcve.org/view.php?id=CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. curl versiones 7.75.0 hasta 7.76.1 sufre de una vulnerabilidad de uso de la memoria previamente liberada que resulta en el uso de memoria ya liberada cuando un ticket de sesión TLS 1.3 llega a través de una conexión. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf https://curl.se/docs/CVE-2021-22901.html https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 https://hackerone.com/reports/1180380 https://security.netapp.com/advisory/ntap-20210723-0001 https://security.netapp.com/advisory/ntap-20210727-0007 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022. • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 2

CVE-2020-25673

https://notcve.org/view.php?id=CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS https://security.netapp.com/advisory/ntap-20210702-0008 https://www.openwall.com/lists/oss-security/2020 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2

CVE-2020-25671

https://notcve.org/view.php?id=CVE-2020-25671

A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

CVE-2020-25672

https://notcve.org/view.php?id=CVE-2020-25672

A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Se encontró una vulnerabilidad de pérdida de memoria en el kernel de Linux en la función llcp_sock_connect • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.6EPSS: 1%CPEs: 34EXPL: 0

CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c

https://notcve.org/view.php?id=CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcionalidad xml entity encoding de libxml2 en versiones anteriores a 2.9.11. Un atacante que sea capaz de proporcionar un archivo diseñado para que sea procesado por una aplicación vinculada con la funcionalidad afectada de libxml2 podría desencadenar una lectura fuera de los límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6 https://lists.fedoraproject.org/archives/list/pack • CWE-787: Out-of-bounds Write •