CVE-2021-37529
https://notcve.org/view.php?id=CVE-2021-37529
A double-free vulnerability exists in fig2dev through 3.28a via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).
References:
  https://sourceforge.net/p/mcj/tickets/125
Weakness: CWE-415: Double Free
CVE-2021-43860 – Permissions granted to applications can be hidden from the user at install time
https://notcve.org/view.php?id=CVE-2021-43860
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak does not properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime when there is a null byte in the app's metadata file. Apps can therefore grant themselves permissions without the user's consent. Flatpak shows permissions to the user during install by reading them from the "xa.metadata" key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant.
References:
  https://github.com/flatpak/flatpak/commit/54ec1a482dfc668127eaae57f135e6a8e0bc52da
  https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
  https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
  https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
  https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
  https://github.com/flatpak/flatpak/releases/tag/1.10.6
  https://github.com/flatpak/flatpak/releases/tag/1.12.3
  https://github.com/flatpak/
Weaknesses: CWE-269: Improper Privilege Management; CWE-276: Incorrect Default Permissions
CVE-2021-4083 – kernel: fget: check that the fd still exists after getting a ref to it
https://notcve.org/view.php?id=CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers: when users call close() and fget() simultaneously, a race condition can be triggered. This flaw allows a local user to crash the system or escalate their privileges on the system. It affects Linux kernel versions prior to 5.16-rc4.
References:
  https://bugzilla.redhat.com/show_bug.cgi?id=2029923
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9
  https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
  https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
  https://security.netapp.com/advisory/ntap-20220217-0005
  https://www.debian.org/security/2022/dsa-5096
  https://www.oracle.com/security-alerts/cpujul2022.html
  https://access.redhat.com/security/cve/CVE-202
Weaknesses: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-416: Use After Free
CVE-2021-29454 – Sandbox Escape by math function in smarty
https://notcve.org/view.php?id=CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the math function, external users could likewise run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
References:
  https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71
  https://github.com/smarty-php/smarty/releases/tag/v3.1.42
  https://github.com/smarty-php/smarty/releases/tag/v4.0.2
  https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m
  https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ
  https://lists.fedoraproject.org/archives/l
Weakness: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-21408 – Access to restricted PHP code by dynamic static class access in smarty
https://notcve.org/view.php?id=CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
References:
  https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664
  https://github.com/smarty-php/smarty/releases/tag/v3.1.43
  https://github.com/smarty-php/smarty/releases/tag/v4.0.3
  https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
  https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ
  https://lists.fedoraproject.org/archives/l
Weakness: CWE-20: Improper Input Validation