CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 3CVE-2021-45417 – aide: heap-based buffer overflow on outputs larger than B64_BUF
https://notcve.org/view.php?id=CVE-2021-45417
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. AIDE versiones anteriores a 0.17.4, permite a usuarios locales obtener privilegios de root por medio de metadatos de archivo diseñados (como atributos extendidos de XFS o ACLs de tmpfs), debido a un desbordamiento de búfer en la región heap de la memoria A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL. • http://www.openwall.com/lists/oss-security/2022/01/20/3 https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html https://security.gentoo.org/glsa/202311-07 https://www.debian.org/security/2022/dsa-5051 https://www.ipi.fi/pipermail/aide/2022-January/001713.html https://www.openwall.com/lists/oss-security/2022/01/20/3 https://access.redhat.com/security/cve/CVE-2021-45417 https://bugzilla.redhat.com/show_bug.cgi?id=2041489 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2022-20698 – Clam AntiVirus (ClamAV) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20698
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de OOXML en el software Clam AntiVirus (ClamAV) versión 0.104.1 y LTS versiones 0.103.4 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html https://security.gentoo.org/glsa/202310-01 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 175EXPL: 1CVE-2021-3710 – Apport info disclosure via path traversal bug in read_file
https://notcve.org/view.php?id=CVE-2021-3710
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; Se ha detectado una divulgación de información por medio de un salto de ruta en la función read_file() del archivo apport/hookutils.py. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3 • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710 https://ubuntu.com/security/notices/USN-5077-1 https://ubuntu.com/security/notices/USN-5077-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1CVE-2021-3737 – python: urllib: HTTP client possible infinite loop on a 100 Continue response
https://notcve.org/view.php?id=CVE-2021-3737
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. Una respuesta HTTP manejada inapropiadamente en el código del cliente HTTP de python puede permitir a un atacante remoto, que controle el servidor HTTP, hacer que el script del cliente entre en un bucle infinito, consumiendo tiempo de CPU. • https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://security.netapp.com/advisory/ntap-20220407-0009 https://ubuntu.com/security/CVE-2021-3737 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 175EXPL: 1CVE-2021-3709 – Apport file permission bypass through emacs byte compilation errors
https://notcve.org/view.php?id=CVE-2021-3709
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; La función check_attachment_for_errors() en el archivo data/general-hooks/ubuntu.py podría ser engañada para exponer datos privados por medio de un archivo de bloqueo construido. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3; • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709 https://ubuntu.com/security/notices/USN-5077-1 https://ubuntu.com/security/notices/USN-5077-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •