CVE-2022-22815 – python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
https://notcve.org/view.php?id=CVE-2022-22815
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to improperly initializing the ImagePath. This flaw allows an attacker to access unauthorized memory that causes memory access errors, incorrect results, or crashes. • https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1dae44c8499f3/src/path.c#L331 https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling https://security.gentoo.org/glsa/202211-10 https://www.debian.org/security/2022/dsa-5053 https://access.redhat.com/security/cve/CVE-2022-22815 https://bugzilla.redhat.com/show_bug.cgi?id=2042511 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVE-2021-4002 – kernel: possible leak or corruption of data residing on hugetlbfs
https://notcve.org/view.php?id=CVE-2021-4002
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. • https://bugzilla.redhat.com/show_bug.cgi?id=2025726 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5096 https://www.openwall.com/list • CWE-401: Missing Release of Memory after Effective Lifetime CWE-459: Incomplete Cleanup •
CVE-2021-28715
https://notcve.org/view.php?id=CVE-2021-28715
Guest can force Linux netback driver to hog large amounts of kernel memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken to avoid piling up too much data, but those can be bypassed by the guest: There is a timeout for how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next packet would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. • https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5050 https://www.debian.org/security/2022/dsa-5096 https://xenbits.xenproject.org/xsa/advisory-392.txt • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-46144
https://notcve.org/view.php?id=CVE-2021-46144
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. • https://bugs.debian.org/1003027 https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 https://lists.debian.org/debian-lts-announce/2022/01/msg00005.html https://roundcube.net/news/2021/12/30/security-update-1.4.13-released https://roundcube.net/news/2021/12/30/update-1.5.2-released https://www.debian.org/security/2022/dsa-5037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-46141
https://notcve.org/view.php?id=CVE-2021-46141
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. • https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released https://github.com/uriparser/uriparser/issues/121 https://github.com/uriparser/uriparser/pull/124 https://lists.debian.org/debian-lts-announce/2022/01/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2 https://www.debian.org/security/2022 • CWE-416: Use After Free •