CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1CVE-2021-46143 – expat: Integer overflow in doProlog in xmlparse.c
https://notcve.org/view.php?id=CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0006 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2021-46143 https://bu • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 2CVE-2021-45960 – expat: Large number of prefixed XML attributes on a single tag can crash libexpat
https://notcve.org/view.php?id=CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). En Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o más) lugares en la función storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignación (por ejemplo, asignar muy pocos bytes, o sólo liberar memoria). expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/531 https://github.com/libexpat/libexpat/pull/534 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0004 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://acces • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-682: Incorrect Calculation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20135
https://notcve.org/view.php?id=CVE-2021-20135
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus). Se ha detectado que Nessus versiones 8.15.2 y anteriores, contienen una vulnerabilidad de escalada de privilegios local que podría permitir a un administrador local autenticado ejecutar determinados ejecutables en el host del Agente Nessus. Tenable ha incluido una corrección para este problema en Nessus versión 10.0.0. • https://www.tenable.com/security/tns-2021-18 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20079
https://notcve.org/view.php?id=CVE-2021-20079
Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. Nessus versiones 8.13.2 y anteriores, se detectó que contienen una vulnerabilidad de escalada de privilegios que podría permitir a un usuario administrador de Nessus cargar un archivo especialmente diseñado que podría conllevar a alcanzar privilegios de administrador en el host de Nessus • https://www.tenable.com/security/tns-2021-07 •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 https://kc.mc • CWE-295: Improper Certificate Validation •