Page 83 of 4121 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-41771 – golang: debug/macho: invalid dynamic symbol table command can cause panic

https://notcve.org/view.php?id=CVE-2021-41771

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. ImportedSymbols en debug/macho (para Open u OpenFat) en Go versiones anteriores a 1.16.10 y 1.17.x versiones anteriores a 1.17.3, Accede a una Ubicación de Memoria Después del Final de un Búfer, también se conoce como una situación de "out-of-bounds slice" An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library (stdlib) and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice (array) causing a panic when calling ImportedSymbols. An attacker can use this vulnerability to craft a file which causes an application using this library to crash resulting in a denial of service. • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://groups.google.com/g/golang-announce/c/0fM21h43arc https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z https://lists.fedoraproject.org/archives/list/package-announce& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2021-3927 – Heap-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2021-3927

vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7 https://lists.fedoraproject.org/archives/list/package-announce% • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2021-3928 – Use of Uninitialized Variable in vim/vim

https://notcve.org/view.php?id=CVE-2021-3928

vim is vulnerable to Use of Uninitialized Variable vim es vulnerable al uso de una variable no inicializada • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7 https://lists.fedoraproject.org/archives/list/package-announce% • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2021-43389 – kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c

https://notcve.org/view.php?id=CVE-2021-43389

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.14.15. Se presenta un fallo de índice de matriz fuera de límites en la función detach_capi_ctr en el archivo drivers/isdn/capi/kcapi.c An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service. • http://www.openwall.com/lists/oss-security/2021/11/05/1 https://bugzilla.redhat.com/show_bug.cgi?id=2013180 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-38507 – Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports

https://notcve.org/view.php?id=CVE-2021-38507

The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. La funcionalidad Opportunistic Encryption de HTTP2 (RFC 8164) permite que una conexión sea actualizada transparentemente a TLS mientras conserva las propiedades visuales de una conexión HTTP, incluyendo el mismo origen con conexiones no cifradas en el puerto 80. • https://bugzilla.mozilla.org/show_bug.cgi?id=1730935 https://lists.debian.org/debian-lts-announce/2021/12/msg00030.html https://lists.debian.org/debian-lts-announce/2022/01/msg00001.html https://security.gentoo.org/glsa/202202-03 https://security.gentoo.org/glsa/202208-14 https://www.debian.org/security/2021/dsa-5026 https://www.debian.org/security/2022/dsa-5034 https://www.mozilla.org/security/advisories/mfsa2021-48 https://www.mozilla.org/security/advisories/mfsa2021-49 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •