CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2021-2166 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2166
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2021-2154 – mysql: Server: DML unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2154
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPA3CTGXPVWKHMCQDVURK4ETH7GE34KK •
CVSS: 4.9EPSS: 1%CPEs: 10EXPL: 0CVE-2021-2146 – mysql: Server: Options unspecified vulnerability (CPU Apr 2021)
https://notcve.org/view.php?id=CVE-2021-2146
22 Apr 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKV7TRUEQW6EV45RSZVVFLVQMNHVHBCJ •
CVSS: 7.0EPSS: 0%CPEs: 30EXPL: 1CVE-2021-23133 – Linux Kernel sctp_destroy_sock race condition
https://notcve.org/view.php?id=CVE-2021-23133
22 Apr 2021 — A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SO... • http://www.openwall.com/lists/oss-security/2021/05/10/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 133EXPL: 0CVE-2021-2163 – OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)
https://notcve.org/view.php?id=CVE-2021-2163
21 Apr 2021 — Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require... • https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-29155 – kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-29155
20 Apr 2021 — An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. Se detectó un problema en el kernel de Linux version... • https://github.com/benschlueter/CVE-2021-29155 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 92%CPEs: 4EXPL: 3CVE-2021-21220 – Google Chromium V8 Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21220
15 Apr 2021 — Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una comprobación insuficiente de una entrada no confiable en V8 en Google Chrome versiones anteriores a e 89.0.4389.128, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada This vulnerability allows remote attackers to execute arbitrary code on affected installations... • https://packetstorm.news/files/id/176210 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20288 – ceph: Unauthorized global_id reuse in cephx
https://notcve.org/view.php?id=CVE-2021-20288
15 Apr 2021 — An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se enc... • https://bugzilla.redhat.com/show_bug.cgi?id=1938031 • CWE-287: Improper Authentication •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36323 – rust: optimization for joining strings can cause uninitialized bytes to be exposed
https://notcve.org/view.php?id=CVE-2020-36323
14 Apr 2021 — In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. En la biblioteca standard en Rust versiones anteriores a 1.52.0, se presenta una optimización para unir cadenas que pueden causar que los bytes no inicializados queden expuestos (o que el programa se bloquee) si la cadena prestada cambia después de que su longitud es comprobada Rust T... • https://github.com/rust-lang/rust/issues/80335 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-3472 – X.Org Server XChangeFeedbackControl Integer Underflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3472
14 Apr 2021 — A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en xorg-x11-server en versiones anteriores a 1.20.11. Se puede producir un subdesbordamiento de enteros en xserver que puede conllevar a una escalada de privilegios local. • http://www.openwall.com/lists/oss-security/2021/04/13/1 • CWE-191: Integer Underflow (Wrap or Wraparound) •