CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1CVE-2021-46143 – expat: Integer overflow in doProlog in xmlparse.c
https://notcve.org/view.php?id=CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0006 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2021-46143 https://bu • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 2CVE-2021-45960 – expat: Large number of prefixed XML attributes on a single tag can crash libexpat
https://notcve.org/view.php?id=CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). En Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o más) lugares en la función storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignación (por ejemplo, asignar muy pocos bytes, o sólo liberar memoria). expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/531 https://github.com/libexpat/libexpat/pull/534 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0004 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://acces • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-682: Incorrect Calculation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20135
https://notcve.org/view.php?id=CVE-2021-20135
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus). Se ha detectado que Nessus versiones 8.15.2 y anteriores, contienen una vulnerabilidad de escalada de privilegios local que podría permitir a un administrador local autenticado ejecutar determinados ejecutables en el host del Agente Nessus. Tenable ha incluido una corrección para este problema en Nessus versión 10.0.0. • https://www.tenable.com/security/tns-2021-18 •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20106
https://notcve.org/view.php?id=CVE-2021-20106
Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. Nessus Agent versiones 8.2.5 y anteriores, se ha detectado que contienen una vulnerabilidad de escalada de privilegios que podría permitir a un usuario administrador de Nessus cargar un archivo especialmente diseñado que podría conllevar a alcanzar privilegios de administrador en el host Nessus • https://www.tenable.com/security/tns-2021-13 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20079
https://notcve.org/view.php?id=CVE-2021-20079
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. Nessus versiones 8.13.2 y anteriores, se detectó que contienen una vulnerabilidad de escalada de privilegios que podría permitir a un usuario administrador de Nessus cargar un archivo especialmente diseñado que podría conllevar a alcanzar privilegios de administrador en el host de Nessus • https://www.tenable.com/security/tns-2021-07 •