CVE-2021-42260
https://notcve.org/view.php?id=CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
• https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6
https://sourceforge.net/p/tinyxml/bugs/141
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-41125 – HTTP authentication credential leak to target websites in scrapy
https://notcve.org/view.php?id=CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead.
• http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth
https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6
https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498
https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html
https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-522: Insufficiently Protected Credentials •
CVE-2021-28702
https://notcve.org/view.php?id=CVE-2021-28702
PCI devices with RMRRs not deassigned correctly
Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
• http://www.openwall.com/lists/oss-security/2021/10/07/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OIHEJ3R3EH5DYI2I5UMD2ULJ2ELA3EX
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDPRMOBBLS74ONYP3IXZZXSTLKR7GRQB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAWV6PO2KUGVZTESERECOBUBZ6X45I7
https://security.gentoo.org/glsa/202208-23
https://www.debian.org/security/2021/dsa-5017
https:/
• CWE-269: Improper Privilege Management •
CVE-2021-42008
https://notcve.org/view.php?id=CVE-2021-42008
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
• https://github.com/0xdevil/CVE-2021-42008
https://github.com/numanturle/CVE-2021-42008
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
https://security.netapp.com/advisory/ntap-20211104-0002
https://www.youtube.com/watch?v=d5f9xLK8Vhw
• CWE-787: Out-of-bounds Write •
CVE-2021-32765 – Integer Overflow to Buffer Overflow in Hiredis
https://notcve.org/view.php?id=CVE-2021-32765
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it cannot, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.
• https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e
https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html
https://security.gentoo.org/glsa/202210-32
https://security.netapp.com/advisory/ntap-20211104-0003
https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap
• CWE-190: Integer Overflow or Wraparound
CWE-680: Integer Overflow to Buffer Overflow •