CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 3CVE-2021-38001
https://notcve.org/view.php?id=CVE-2021-38001
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome versiones anteriores a 95.0.4638.69, permitía a un atacante remoto explotar potencialmente una corrupción de pila por medio de una página HTML diseñada • https://github.com/Peterpan0927/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/maldiohead/TFC-Chrome-v8-bug-CVE-2021-38001-poc https://github.com/TheHermione/CVE-2021-38001 https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://crbug.com/1260577 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744 https://www.debian.org/security/2022/dsa-5046 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41190 – Clarify Content-Type handling in OCI spec
https://notcve.org/view.php?id=CVE-2021-41190
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. ... Los documentos que contenían campos "manifiestos" y "capas" podían interpretarse como un manifiesto o un índice en ausencia de una cabecera Content-Type que los acompañara. Si una cabecera Content-Type cambiaba entre dos pulls del mismo compendio, un cliente podría interpretar el contenido resultante de forma diferente. • http://www.openwall.com/lists/oss-security/2021/11/19/10 https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923 https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN https://lists.fedoraproject.org/archives/list/packa • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40872
https://notcve.org/view.php?id=CVE-2021-40872
The server process may crash unexpectedly because of an invalid type cast, and must be restarted. • https://industrial.softing.com https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin_CVE-2021-40872.pdf • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-40871
https://notcve.org/view.php?id=CVE-2021-40871
The client process may crash unexpectedly because of a wrong type cast, and must be restarted. • https://industrial.softing.com https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.9EPSS: 0%CPEs: 17EXPL: 0CVE-2021-31344
https://notcve.org/view.php?id=CVE-2021-31344
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004) Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5. 4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet activadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22.1-E. D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1. 1), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). Los paquetes de eco ICMP con opciones de IP falsas permiten enviar mensajes de respuesta de eco ICMP a hosts arbitrarios en la red. • https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf https://cert-portal.siemens.com/productcert/html/ssa-114589.html https://cert-portal.siemens.com/productcert/html/ssa-044112.html https://cert-portal.siemens.com/productcert/html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •