CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2023-2953 – openldap: null pointer dereference in ber_memalloc_x function
https://notcve.org/view.php?id=CVE-2023-2953
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://access.redhat.com/security/cve/CVE-2023-2953 https://bugs.openldap.org/show_bug.cgi?id=9904 https://security.netapp.com/advisory/ntap-20230703-0005 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27003
https://notcve.org/view.php?id=CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack. Clustered Data ONTAP versiones anteriores a 9.5P18, 9.6P15, 9.7P14, 9.8P5 y 9.9.1 carecen de un encabezado X-Frame-Options que podría permitir un ataque de clickjacking • https://security.netapp.com/advisory/ntap-20211012-0001 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-26994
https://notcve.org/view.php?id=CVE-2021-26994
Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Clustered Data ONTAP versiones anteriores a 9.7P13 y 9.8P3, son susceptibles a una vulnerabilidad que podría permitir a cargas de trabajo individuales causar una Denegación de Servicio (DoS) en un nodo del clúster • https://security.netapp.com/advisory/NTAP-20210601-0001 •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2021-3516 – libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3516
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. Se encontró un fallo en xmllint de libxml2 en versiones anteriores a 2.9.11. Un atacante que es capaz de enviar un archivo diseñado para ser procesado por xmllint podría desencadenar un uso de la memoria previamente liberada. • https://bugzilla.redhat.com/show_bug.cgi?id=1954225 https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV https://security& • CWE-416: Use After Free •
CVSS: 8.6EPSS: 1%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcionalidad xml entity encoding de libxml2 en versiones anteriores a 2.9.11. Un atacante que sea capaz de proporcionar un archivo diseñado para que sea procesado por una aplicación vinculada con la funcionalidad afectada de libxml2 podría desencadenar una lectura fuera de los límites. • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6 https://lists.fedoraproject.org/archives/list/pack • CWE-787: Out-of-bounds Write •