CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33631 – Kernel crash in EXT4 filesystem
https://notcve.org/view.php?id=CVE-2021-33631
18 Jan 2024 — Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. La vulnerabilidad de desbordamiento de enteros o envoltura en el kernel openEuler en Linux (módulos del sistema de archivos) permite el desbordamiento de enteros forzado. Este problema afecta al kernel de openEuler: desde 4.19.90 antes de 4.19.90-2401.3, desde 5.10.0-60... • http://www.openwall.com/lists/oss-security/2024/01/30/10 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33630 – NULL-ptr-deref in network sched
https://notcve.org/view.php?id=CVE-2021-33630
18 Jan 2024 — NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3. La vulnerabilidad de desreferencia de puntero NULL en el kernel openEuler en Linux (módulos de red) permite la manipulación de puntero. Esta vulnerabilidad está asociada con los archivos de programa net/sched/sch_cbs.C. • http://www.openwall.com/lists/oss-security/2024/01/30/10 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-33640
https://notcve.org/view.php?id=CVE-2021-33640
19 Dec 2022 — After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). Después de tar_close(), libtar.c libera la memoria a la que apunta el puntero t. Después de llamar a tar_close() en la función list(), continúa usando el puntero t: free_longlink_longname(t->th_buf). • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-416: Use After Free •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33643 – libtar: out-of-bounds read in gnu_longlink
https://notcve.org/view.php?id=CVE-2021-33643
09 Aug 2022 — An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de encabezado siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longlink, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with the siz... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33644 – libtar: out-of-bounds read in gnu_longname
https://notcve.org/view.php?id=CVE-2021-33644
09 Aug 2022 — An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. Un atacante que envía un archivo tar diseñado con el tamaño de la estructura de cabecera siendo 0 puede ser capaz de desencadenar una llamada de malloc(0) para una variable gnu_longname, causando una lectura fuera de límites A flaw was found in libtar. This flaw allows an attacker who submits a crafted tar file with size in h... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33645 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33645
09 Aug 2022 — The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longlink después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. The libtar packages contain a C library f... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33646 – libtar: memory leak found in th_read() function
https://notcve.org/view.php?id=CVE-2021-33646
09 Aug 2022 — The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. La función th_read() no libera una variable t-)th_buf.gnu_longname después de asignar memoria, lo que puede causar una pérdida de memoria A flaw was found in libtar. This security vulnerability occurs because the th_read() function in libtar doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. The libtar packages contain a C library f... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-33656 – kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
https://notcve.org/view.php?id=CVE-2021-33656
18 Jul 2022 — When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. Cuando es establecida la fuente con datos maliciosos por ioctl cmd PIO_FONT, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s console driver functionality in the way a user triggers the ioctl PIO_FONT with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. Red Hat Advanced Cluster Management for ... • http://www.openwall.com/lists/oss-security/2022/07/19/3 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33658
https://notcve.org/view.php?id=CVE-2021-33658
11 Mar 2022 — atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. atune versiones anteriores a 0.3-0.8, es registrado como un usuario local y ejecuta el comando curl para acceder a la interfaz url local de atune para escalar el privilegio local o modificar cualquier archivo. La autenticación no está habilitada a la fuerza en la configuración por ... • https://www.openeuler.org/zh/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1541 • CWE-306: Missing Authentication for Critical Function •