CVSS: 8.5EPSS: 1%CPEs: 36EXPL: 1CVE-2021-39151 – XStream is vulnerable to an Arbitrary Code Execution attack
https://notcve.org/view.php?id=CVE-2021-39151
23 Aug 2021 — XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. XStream es una bibli... • https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4 • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 2%CPEs: 36EXPL: 0CVE-2021-39139 – XStream is vulnerable to an Arbitrary Code Execution attack
https://notcve.org/view.php?id=CVE-2021-39139
23 Aug 2021 — XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to se... • https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44 • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-502: Deserialization of Untrusted Data •
CVSS: 8.5EPSS: 1%CPEs: 36EXPL: 1CVE-2021-39154 – XStream is vulnerable to an Arbitrary Code Execution attack
https://notcve.org/view.php?id=CVE-2021-39154
23 Aug 2021 — XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. XStream es una bibli... • https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68 • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37750 – krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field
https://notcve.org/view.php?id=CVE-2021-37750
23 Aug 2021 — The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. El Centro de Distribución de Claves (KDC) en MIT Kerberos 5 (también se conoce como krb5) versiones anteriores a 1.18.5 y 1.19.x versiones anteriores a 1.19.3, presenta una desreferencia de puntero NULL en el archivo kdc/do_tgs_req.c por medio de un cuerpo interno FAST que carece de un campo de servidor. A fl... • https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 97%CPEs: 36EXPL: 3CVE-2021-39144 – XStream Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-39144
23 Aug 2021 — XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. XStream es una bibli... • https://packetstorm.news/files/id/169859 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2021-38604 – Gentoo Linux Security Advisory 202208-24
https://notcve.org/view.php?id=CVE-2021-38604
12 Aug 2021 — In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vuln... • https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3612 – kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
https://notcve.org/view.php?id=CVE-2021-3612
09 Jul 2021 — An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escritura en memoria fuera de límites en el kernel de Linux joystick devices subsystem en versiones ant... • https://bugzilla.redhat.com/show_bug.cgi?id=1974079 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-0089 – Debian Security Advisory 4931-1
https://notcve.org/view.php?id=CVE-2021-0089
09 Jun 2021 — Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Una discrepancia de respuesta observable en algunos Intel® Processors puede permitir a un usuario autorizado permitir potencialmente una divulgación de información por medio de un acceso local Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.15.0-r1 are affected. • http://www.openwall.com/lists/oss-security/2021/06/10/1 • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-0086
https://notcve.org/view.php?id=CVE-2021-0086
09 Jun 2021 — Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. La discrepancia de respuesta observable en las operaciones de punto flotante para algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente la divulgación de información a través del acceso local • http://www.openwall.com/lists/oss-security/2021/06/08/7 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2021-26314 – AMD Speculative execution with Floating-Point Value Injection
https://notcve.org/view.php?id=CVE-2021-26314
09 Jun 2021 — Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. Una inyección de valor de punto flotante potencial en todos los productos de CPU compatibles, junto con las vulnerabilidades de software relacionadas con la ejecución especulativa con resultados de punto flotante incorrectos, puede causar el us... • http://www.openwall.com/lists/oss-security/2021/06/09/2 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •