CVE-2021-28712
https://notcve.org/view.php?id=CVE-2021-28712
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests by sending events at a high frequency, leading to a Denial of Service in the guest because it spends extended amounts of time servicing interrupts. There are three affected backends:
* blkfront patch 1, CVE-2021-28711
* netfront patch 2, CVE-2021-28712
* hvc_xen (console) patch 3, CVE-2021-28713
• https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5050 https://www.debian.org/security/2022/dsa-5096 https://xenbits.xenproject.org/xsa/advisory-391.txt
CVE-2021-28711
https://notcve.org/view.php?id=CVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests by sending events at a high frequency, leading to a Denial of Service in the guest because it spends extended amounts of time servicing interrupts. There are three affected backends:
* blkfront patch 1, CVE-2021-28711
* netfront patch 2, CVE-2021-28712
* hvc_xen (console) patch 3, CVE-2021-28713
• https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5050 https://www.debian.org/security/2022/dsa-5096 https://xenbits.xenproject.org/xsa/advisory-391.txt
CVE-2021-3842 – Inefficient Regular Expression Complexity in nltk/nltk
https://notcve.org/view.php?id=CVE-2021-3842
nltk is vulnerable to Inefficient Regular Expression Complexity.
• https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a
• CWE-1333: Inefficient Regular Expression Complexity
CVE-2021-41141 – Missing release of locks in PJSIP
https://notcve.org/view.php?id=CVE-2021-41141
PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when an error or failure occurs, the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to and including 2.11.1 are affected.
• https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196 https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html https://security.gentoo.org/glsa/202210-37
• CWE-667: Improper Locking
CVE-2021-45972
https://notcve.org/view.php?id=CVE-2021-45972
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.
• http://web.archive.org/web/20150801185019 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002739 https://www.abdn.ac.uk/tools/ibmpc/giftrans/index.hti
• CWE-1284: Improper Validation of Specified Quantity in Input