
CVE-2020-25670 – Ubuntu Security Notice USN-4982-1
https://notcve.org/view.php?id=CVE-2020-25670
19 Apr 2021 — A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation. Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •

CVE-2020-25672 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2020-25672
19 Apr 2021 — A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namesp... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2021-31348 – openSUSE Security Advisory - openSUSE-SU-2021:3804-1
https://notcve.org/view.php?id=CVE-2021-31348
16 Apr 2021 — An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). An update that fixes 16 vulnerabilitie... • https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html • CWE-125: Out-of-bounds Read •

CVE-2021-31347 – openSUSE Security Advisory - openSUSE-SU-2021:3804-1
https://notcve.org/view.php?id=CVE-2021-31347
16 Apr 2021 — An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). An update that fixes 16 vulnerabilities is now avai... • https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html • CWE-91: XML Injection (aka Blind XPath Injection) •

CVE-2021-31229 – openSUSE Security Advisory - openSUSE-SU-2021:3804-1
https://notcve.org/view.php?id=CVE-2021-31229
15 Apr 2021 — An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one-byte constant. An update that fixe... • https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html • CWE-787: Out-of-bounds Write •

CVE-2021-29450 – WordPress Authenticated disclosure of password-protected posts and pages
https://notcve.org/view.php?id=CVE-2021-29450
15 Apr 2021 — WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2021-29447 – WordPress Authenticated XXE attack when installation is running PHP 8
https://notcve.org/view.php?id=CVE-2021-29447
15 Apr 2021 — WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. • https://packetstorm.news/files/id/163148 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2021-29338 – openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c
https://notcve.org/view.php?id=CVE-2021-29338
14 Apr 2021 — Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files. There is a f... • https://github.com/uclouvain/openjpeg/issues/1338 • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write •

CVE-2021-3472 – X.Org Server XChangeFeedbackControl Integer Underflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3472
14 Apr 2021 — A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/04/13/1 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2020-36322 – kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations
https://notcve.org/view.php?id=CVE-2020-36322
14 Apr 2021 — An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.6 • CWE-459: Incomplete Cleanup •