CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32679 – Filenames not escaped by default in controllers using DownloadResponse
https://notcve.org/view.php?id=CVE-2021-32679
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized into a `DownloadResponse`, this could be used to trick users into downloading malicious files with a benign file extension. This would show in UI behaviours where Nextcloud applications would display a benign file extension (e.g. JPEG), but the file will actually be downloaded with an executable file extension. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3hjp-26x8-mhf6 https://github.com/nextcloud/server/pull/27354 https://hackerone.com/reports/1215263 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ https://security.gentoo.org/glsa/202208-17 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-32678 – Ratelimit not applied on OCS API responses
https://notcve.org/view.php?id=CVE-2021-32678
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48rx-3gmf-g74j https://github.com/nextcloud/server/pull/27329 https://hackerone.com/reports/1214158 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ https://security.gentoo.org/glsa/202208-17 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-799: Improper Control of Interaction Frequency •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3571 – linuxptp: wrong length of one-step follow-up in transparent clock
https://notcve.org/view.php?id=CVE-2021-3571
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. Se ha encontrado un fallo en el programa ptp4l del paquete linuxptp. • https://bugzilla.redhat.com/show_bug.cgi?id=1966241 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ https://access.redhat.com/security/cve/CVE-2021-3571 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-21775 – webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
https://notcve.org/view.php?id=CVE-2021-21775
A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. Se presenta una vulnerabilidad de uso de memoria previamente liberada en la forma en que se procesan determinados eventos para los objetos ImageLoader de Webkit WebKitGTK versión 2.30.4. Una página web especialmente diseñada puede conllevar a un potencial filtrado de información y una mayor corrupción de memoria. • http://www.openwall.com/lists/oss-security/2021/07/23/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYMMBQN4PRVDLMIJT2LY2BWHLYBD57P3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V4QORERLPDN3UNNJFJSOMHZZCU2G75Q6 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229 https://www.debian.org/security/2021/dsa-4945 https://access.redhat.com/security/cve/CVE-2021-21775 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 19EXPL: 0CVE-2021-3570 – linuxptp: missing length check of forwarded messages
https://notcve.org/view.php?id=CVE-2021-3570
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. Se ha encontrado un fallo en el programa ptp4l del paquete linuxptp. • https://bugzilla.redhat.com/show_bug.cgi?id=1966240 https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ https://www.debian.org/security/2021/dsa-4938 https://access.redhat.com/security/cve/CVE-2021-3570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •