CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-3772 – kernel: sctp: Invalid chunks may be used to remotely remove existing associations
https://notcve.org/view.php?id=CVE-2021-3772
01 Dec 2021 — A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacant... • https://bugzilla.redhat.com/show_bug.cgi?id=2000694 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-42373 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42373
15 Nov 2021 — A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given Una desreferencia de puntero NULL en el applet man de Busybox conlleva a una denegación de servicio cuando se proporciona un nombre de sección pero no se da ningún argumento de página Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.34.0 are affected. • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 1CVE-2021-42374 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42374
15 Nov 2021 — An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that Una lectura de pila fuera de límites en el applet unlzma de Busybox conlleva a un filtrado de información y una denegación de servicio cuando se descomprime una entrada comprimida LZMA manipulada. Esto puede ser desencadenado por cualquier applet/formato que It was discovered that BusyBox incorrectly handled ... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-42375 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42375
15 Nov 2021 — An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. Un manejo incorrecto de un elemento especial en el applet ash de Busybox conlleva una denegación de servicio cuando es procesado un comando shell diseñado, debido a que el shell confunde caracteres específicos con caracteres reserv... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-159: Improper Handling of Invalid Use of Special Elements •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-42376 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42376
15 Nov 2021 — A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Una desreferencia de puntero NULL en el applet hush de Busybox conlleva a una denegación de servicio cuando es procesado un comando shell diseñado, debido a una falta de comprobación después de un carácter delimitador \x03. Esto puede ser usado para DoS... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 21EXPL: 0CVE-2021-42377 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42377
15 Nov 2021 — An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. Un puntero libre controlado por un atacante en el applet hush de Busybox conlleva a una denegación de servicio y una posible ejecución de código cuando es procesado un comando shell diseñado, debido a que el shell mane... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2021-35550 – OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)
https://notcve.org/view.php?id=CVE-2021-35550
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35556 – OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
https://notcve.org/view.php?id=CVE-2021-35556
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35559 – OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580)
https://notcve.org/view.php?id=CVE-2021-35559
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 24EXPL: 0CVE-2021-35561 – OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)
https://notcve.org/view.php?id=CVE-2021-35561
20 Oct 2021 — Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial o... • https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html • CWE-770: Allocation of Resources Without Limits or Throttling •