CVSS: 7.8EPSS: 96%CPEs: 39EXPL: 56CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo carácter de barra invertida A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. • https://www.exploit-db.com/exploits/49521 https://www.exploit-db.com/exploits/49522 https://github.com/blasty/CVE-2021-3156 https://github.com/worawit/CVE-2021-3156 https://github.com/stong/CVE-2021-3156 https://github.com/reverse-ex/CVE-2021-3156 https://github.com/CptGibbon/CVE-2021-3156 https://github.com/Rvn0xsy/CVE-2021-3156-plus https://github.com/mr-r3b00t/CVE-2021-3156 https://github.com/0xdevil/CVE-2021-3156 https://github.com/unauth401/CVE-20 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2021-2011 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2011
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2011 https://bugzilla.redhat.com/show_bug.cgi?id=1922384 •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2021-2010 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2010
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2010 https://bugzilla.redhat.com/show_bug.cgi?id=1922383 •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2007 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2007
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2007 https://bugzilla.redhat.com/show_bug.cgi?id=1922382 •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-2006 – mysql: C API unspecified vulnerability (CPU Jan 2021)
https://notcve.org/view.php?id=CVE-2021-2006
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20210622-0001 https://www.oracle.com/security-alerts/cpujan2021.html https://access.redhat.com/security/cve/CVE-2021-2006 https://bugzilla.redhat.com/show_bug.cgi?id=1922381 •