CVSS: 5.3EPSS: 0%CPEs: 152EXPL: 0CVE-2022-21293 – OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
https://notcve.org/view.php?id=CVE-2022-21293
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability ... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21294 – OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
https://notcve.org/view.php?id=CVE-2022-21294
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability ... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21296 – OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
https://notcve.org/view.php?id=CVE-2022-21296
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access t... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21299 – OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
https://notcve.org/view.php?id=CVE-2022-21299
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to ca... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 151EXPL: 0CVE-2022-21305 – OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
https://notcve.org/view.php?id=CVE-2022-21305
19 Jan 2022 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, in... • https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 2CVE-2021-4083 – kernel: fget: check that the fd still exists after getting a ref to it
https://notcve.org/view.php?id=CVE-2021-4083
10 Jan 2022 — A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. Se ha encontrado un fallo de lectura de memoria previamente liberada en la recolección de basura del kernel de Linux para los manejadores d... • https://packetstorm.news/files/id/165504 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 8.1EPSS: 3%CPEs: 11EXPL: 2CVE-2021-46143 – expat: Integer overflow in doProlog in xmlparse.c
https://notcve.org/view.php?id=CVE-2021-46143
06 Jan 2022 — In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. ... • https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-46143 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 5CVE-2021-45960 – expat: Large number of prefixed XML attributes on a single tag can crash libexpat
https://notcve.org/view.php?id=CVE-2021-45960
01 Jan 2022 — In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). En Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o más) lugares en la función storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignación (por ejemplo, asignar muy pocos bytes, o sólo liberar memoria). exp... • https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-45960 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 1CVE-2021-45485 – kernel: information leak in the IPv6 implementation
https://notcve.org/view.php?id=CVE-2021-45485
25 Dec 2021 — In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. En la implementación de IPv6 en el kernel de Linux versiones anteriores a 5.13.3, el archivo net/ipv6/output_core.c presenta un filtrado de información debido a determinado uso de una tabla hash que, aunque es grande, no considera aprop... • https://github.com/Satheesh575555/linux-4.19.72_CVE-2021-45485 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 2%CPEs: 16EXPL: 0CVE-2021-43818 – HTML Cleaner allows crafted and SVG embedded scripts to pass through
https://notcve.org/view.php?id=CVE-2021-43818
13 Dec 2021 — lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. lxml es una biblioteca para procesar XML y HTML en el lenguaje Python. En versiones anteriores a 4.6.5, el limpiador... • https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •