CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 1CVE-2021-4166 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4166
25 Dec 2021 — vim is vulnerable to Out-of-bounds Read vim es vulnerable a una Lectura Fuera de Límites It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the... • http://seclists.org/fulldisclosure/2022/Jul/14 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 56%CPEs: 37EXPL: 0CVE-2021-44224 – Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44224
20 Dec 2021 — A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). Un URI diseñado que es enviado a httpd configurado como proxy directo (ProxyRequests on) puede causar un fallo (desreferencia de puntero NUL... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 16%CPEs: 35EXPL: 3CVE-2021-44790 – Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
https://notcve.org/view.php?id=CVE-2021-44790
20 Dec 2021 — A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. Un cuerpo de petición cuidadosamente diseñado puede causar un desbordamiento de búfer en el analizador multiparte mod_lua (r:parsebody() llamado desde scripts Lua). El equipo de Apache httpd no presenta const... • https://packetstorm.news/files/id/171631 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 1CVE-2021-4136 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2021-4136
19 Dec 2021 — vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable al desbordamiento del búfer en la región Heap de la memoria macOS Monterey 12.3 addresses buffer overflow, bypass, code execution, denial of service, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2022/Jul/14 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2021-30767 – Apple Security Advisory 2021-12-15-4
https://notcve.org/view.php?id=CVE-2021-30767
17 Dec 2021 — A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system. Se abordó un problema de lógica con la administración de estados mejorada. Este problema se ha corregido en macOS Big Sur versión 11.6.2, macOS Monterey versión 12.1, Security Update 2021-008 Catalina, iOS versión 15.2 y iPadOS versión 15.2,... • https://support.apple.com/en-us/HT212975 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30817
https://notcve.org/view.php?id=CVE-2021-30817
28 Oct 2021 — A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family Sharing with. Se abordó un problema de permisos con una comprobación mejorada. Este problema se corrigió en macOS Big Sur versión 11.5. • https://support.apple.com/en-us/HT212602 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1821
https://notcve.org/view.php?id=CVE-2021-1821
28 Oct 2021 — A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service. Se abordó un problema de lógica con una administración de estado mejorada. Este problema se corrigió en watchOS versión 7.6 y macOS Big Sur versión 11.5. • https://support.apple.com/en-us/HT212602 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30840 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2021-30840
28 Oct 2021 — This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution. Este problema Se abordó con comprobaciones mejoradas. Este problema se corrigió en tvOS versión 15, watchOS versión 8, iOS versión 15 y iPadOS versión 15. • https://support.apple.com/en-us/HT212814 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30809 – webkitgtk: Use-after-free leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30809
28 Oct 2021 — A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de memoria previamente liberada con una administración de la memoria mejorada. Este problema se corrigió en Safari versión 15, tvOS versión 15, watchOS versión 8, iOS versión 15 y iPadOS versión 15. • http://www.openwall.com/lists/oss-security/2021/12/20/6 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-30818 – webkitgtk: Type confusion issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30818
28 Oct 2021 — A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de confusión de tipos con el manejo del estado mejorado. Este problema se corrigió en iOS versión 14.8 y iPadOS versión 14.8, tvOS versión 15, iOS versión 15 y iPadOS versión 15, Safari versión 15, watchOS versión 8. • http://www.openwall.com/lists/oss-security/2021/12/20/6 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •