CVE-2020-13950 – mod_proxy_http NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-13950
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service Apache HTTP Server versiones 2.4.41 a 2.4.46 la función mod_proxy_http puede bloquearse (desviación del puntero NULL) con peticiones especialmente diseñadas que utilicen las encabezados Content-Length y Transfer-Encoding, provocando una denegación de servicio A flaw was found In Apache httpd. The mod_proxy has a NULL pointer dereference. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://httpd.apache.org/security/vulnerabilities_24.html http://www.openwall.com/lists/oss-security/2021/06/10/4 https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/rbe197409ae4a58b629fb792d1aed541ccbbf865121a80e1c5938d223%40%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40list • CWE-476: NULL Pointer Dereference •
CVE-2021-28169 – jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
https://notcve.org/view.php?id=CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. Para Eclipse Jetty versiones anteriores a 9.4.40 incluyéndola, versiones anteriores a 10.0.2 incluyéndola, versiones anteriores a 11.0.2 incluyéndola, es posible que las peticiónes al ConcatServlet con una ruta doblemente codificada acceder a recursos protegidos dentro del directorio WEB-INF. • https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b%40%3Cdev.kafka.apache.org%3E https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140%40%3Cjira.kafka.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-33560 – libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
https://notcve.org/view.php?id=CVE-2021-33560
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Libgcrypt versiones anteriores a 1.8.8 y versiones 1.9.x anteriores a 1.9.3, maneja inapropiadamente el cifrado de ElGamal porque carece de cegado de exponentes para hacer frente a un ataque de canal lateral contra la función mpi_powm, y el tamaño de la ventana no se elige apropiadamente. Esto, por ejemplo, afecta el uso de ElGamal en OpenPGP. A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. • https://github.com/IBM/PGP-client-checker-CVE-2021-33560 https://dev.gnupg.org/T5305 https://dev.gnupg.org/T5328 https://dev.gnupg.org/T5466 https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-22222
https://notcve.org/view.php?id=CVE-2021-22222
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file Un bucle infinito en el DVB-S2-BB dissector de Wireshark versiones 3.4.0 hasta 3.4.5, permite una denegación de servicio por medio de inyección de paquetes o un archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json https://gitlab.com/wireshark/wireshark/-/merge_requests/3130 https://security.gentoo.org/glsa/202107-21 https://www.debian.org/security/2021/dsa-5019 https://www.oracle.com/security-alerts/cpuoct2021.html https://www.wireshark.org/security/wnpa-sec-2021-05.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-3551 – pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file
https://notcve.org/view.php?id=CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el servidor PKI, donde el comando spkispawn, cuando es ejecutado en modo de depuración, almacena las credenciales de administrador en el archivo de registro de la instalación. Este fallo permite a un atacante local recuperar el archivo para obtener la contraseña de administrador y alcanzar privilegios de administrador en el administrador de Dogtag CA. • https://bugzilla.redhat.com/show_bug.cgi?id=1959971 https://access.redhat.com/security/cve/CVE-2021-3551 • CWE-312: Cleartext Storage of Sensitive Information •