CVE-2021-44026 – Roundcube Webmail SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-44026
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. Roundcube versiones anteriores a 1.3.17 y versiones 1.4.x anteriores a 1.4.12, es propenso a una potencial inyección SQL por medio de los parámetros search o search_params Roundcube Webmail is vulnerable to SQL injection via search or search_params. • https://bugs.debian.org/1000156 https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4 https://www.debian.org/se • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-21899
https://notcve.org/view.php?id=CVE-2021-21899
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dwgCompressor::copyCompBytes21 de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dwg especialmente diseñado puede conllevar a un desbordamiento del búfer de la pila. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 https://www.debian.org/security/2022/dsa-5077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-21898
https://notcve.org/view.php?id=CVE-2021-21898
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dwgCompressor::decompress18() de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dwg especialmente diseñado puede conllevar a una escritura fuera de límites. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349 https://www.debian.org/security/2022/dsa-5077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2021-3974 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-3974
vim is vulnerable to Use After Free vim es vulnerable a un Uso de Memoria previamente Liberada • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P https://lists.fedoraproject.org/archives/list/package-announce% • CWE-416: Use After Free •
CVE-2021-21900
https://notcve.org/view.php?id=CVE-2021-21900
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dxfRW::processLType() de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dxf especialmente diseñado puede conllevar a una vulnerabilidad de uso de memoria previamente liberada. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351 https://www.debian.org/security/2022/dsa-5077 • CWE-416: Use After Free •