CVE-2021-3796 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2021-3796
vim is vulnerable to Use After Free. A use-after-free vulnerability in vim could allow an attacker to input a specially crafted file leading to memory corruption and a potentially exploitable crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
• http://www.openwall.com/lists/oss-security/2021/10/01/1
• https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3
• https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d
• https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4
• https://lists.fedo
• CWE-416: Use After Free
CVE-2021-31891
https://notcve.org/view.php?id=CVE-2021-31891
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
• https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-41072 – squashfs-tools: possible Directory Traversal via symbolic link
https://notcve.org/view.php?id=CVE-2021-41072
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
A directory traversal flaw was found in squashfs-tools. During extraction, a file can escape the destination directory by using a symbolic link, and a regular file with an identical name.
• https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
• https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
• https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
• https://security.gentoo.org/glsa/202305-29
• https://www.debian.org/security/2021/dsa-4987
• https://access.redhat.com/security/cve/CVE-2021-41072
• https://bugzilla.redhat.com/show_bug.cgi?id=2004957
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2021-41054
https://notcve.org/view.php?id=CVE-2021-41054
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
• https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41054
• https://lists.debian.org/debian-lts-announce/2021/11/msg00014.html
• https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-19144
https://notcve.org/view.php?id=CVE-2020-19144
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
• http://bugzilla.maptools.org/show_bug.cgi?id=2852
• https://gitlab.com/libtiff/libtiff/-/issues/159
• https://lists.debian.org/debian-lts-announce/2021/10/msg00004.html
• https://security.netapp.com/advisory/ntap-20211004-0005
• CWE-787: Out-of-bounds Write