CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 2CVE-2021-46142
https://notcve.org/view.php?id=CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. Se ha detectado un problema en uriparser versiones anteriores a 0.9.6. Lleva a cabo operaciones libres no válidas en uriNormalizeSyntax. • https://blog.hartwork.org/posts/uriparser-096-with-security-fixes-released https://github.com/uriparser/uriparser/issues/122 https://github.com/uriparser/uriparser/pull/124 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6T7WA27H7K3WI2AXUAGPWBGK4HM65D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGIJTDNEMU2V4H3JJBQVKBRHU5GBQKG2 https://www.debian.org/security/2022/dsa-5063 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 1CVE-2021-41817 – ruby: Regular expression denial of service vulnerability of Date parsing methods
https://notcve.org/view.php?id=CVE-2021-41817
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. Date.parse en date gem versiones hasta 3.2.0 para Ruby, permite ReDoS (expresión regular de denegación de servicio) por medio de una cadena larga. Las versiones corregidas son 3.2.1, 3.1.2, 3.0.2 y 2.0.1. A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. • https://hackerone.com/reports/1254844 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF https://security.gentoo.org/glsa/202401-27 https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817 https://access.redhat.com/security/cve/CVE-2021-41817 https://bugzilla.redhat.com/show_bug. • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 1CVE-2021-41819 – ruby: Cookie prefix spoofing in CGI::Cookie.parse
https://notcve.org/view.php?id=CVE-2021-41819
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. CGI::Cookie.parse en Ruby versiones hasta 2.6.8, maneja inapropiadamente los prefijos de seguridad en los nombres de las cookies. Esto también afecta a CGI gem versiones hasta 0.3.0 para Ruby. A flaw was found in Ruby. • https://hackerone.com/reports/910552 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUXQCH6FRKANCVZO2Q7D2SQX33FP3KWN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTOJGS5IEFDK3UOO7IY4OTTFGHGLSWZF https://security.gentoo.org/glsa/202401-27 https://security.netapp.com/advisory/ntap-20220121-0003 https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819 https://access.redhat.com/se • CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 1CVE-2021-4166 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2021-4166
vim is vulnerable to Out-of-bounds Read vim es vulnerable a una Lectura Fuera de Límites • http://seclists.org/fulldisclosure/2022/Jul/14 http://seclists.org/fulldisclosure/2022/Mar/29 http://seclists.org/fulldisclosure/2022/May/35 http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD https://lists.fedoraproject.org/archives/list/package& • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33938 – libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c
https://notcve.org/view.php?id=CVE-2021-33938
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service. Una vulnerabilidad de desbordamiento de búfer en la función prune_to_recommended en el archivosrc/policy.c en libsolv versiones anteriores a 0.7.17, permite a atacantes causar una denegación de servicio A flaw was found in libsolv. A buffer overflow vulnerability in the prune_to_recommend function allows attackers to cause a denial of service. The highest threat from this vulnerability is to system availability. • https://github.com/openSUSE/libsolv/issues/420 https://access.redhat.com/security/cve/CVE-2021-33938 https://bugzilla.redhat.com/show_bug.cgi?id=2000707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •