Page 61 of 1223 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2021-4181

https://notcve.org/view.php?id=CVE-2021-4181

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Un bloqueo en Sysdig Event dissector en Wireshark versiones 3.6.0 y 3.4.0 a 3.4.10, permite la denegación de servicio por inyección de paquetes o por un archivo de captura diseñado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4181.json https://gitlab.com/wireshark/wireshark/-/merge_requests/5429 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ https://security.gentoo.org/glsa/202210-04 https://www.or • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2021-4185

https://notcve.org/view.php?id=CVE-2021-4185

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file Un Bucle infinito en RTMPT dissector en Wireshark versiones 3.6.0 y 3.4.0 a 3.4.10, permite una denegación de servicio por inyección de paquetes o archivo de captura diseñado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4185.json https://gitlab.com/wireshark/wireshark/-/issues/17745 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ https://security.gentoo.org/glsa/202210-04 https://www.oracle.co • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

CVE-2021-4187 – Use After Free in vim/vim

https://notcve.org/view.php?id=CVE-2021-4187

vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria Previamente Liberada • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-416: Use After Free •

CVSS: 8.5EPSS: 2%CPEs: 71EXPL: 1

CVE-2021-44832 – Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

https://notcve.org/view.php?id=CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de corrección de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecución remota de código (RCE) cuando una configuración utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. • https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832 http://www.openwall.com/lists/oss-security/2021/12/28/1 https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf https://issues.apache.org/jira/browse/LOG4J2-3293 https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

CVE-2021-4173 – Use After Free in vim/vim

https://notcve.org/view.php?id=CVE-2021-4173

vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria previamente Liberada • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-416: Use After Free •