CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •
CVE-2021-22884 – nodejs: DNS rebinding in --inspect
https://notcve.org/view.php?id=CVE-2021-22884
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. Node.js versiones anteriores a 10.24.0, 12.21.0, 14.16.0 y 15.10.0, es vulnerable a unos ataques de reenlace de DNS, ya que la lista blanca incluye “localhost6”. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1069487 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4FRS5ZVK4ZQ7XIJQNGIKUXG2DJFHLO7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F45Y7TXSU33MTKB6AGL2Q5V5ZOCNPKOG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSYFUGKFUSZ27M5TEZ3FKILWTWFJTFAZ https://nodejs.org/en/blog/vulnerability/february-2021-security-releases& • CWE-20: Improper Input Validation CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de búfer basado en la pila, lo que permite la escalada de privilegios a root a través de "sudoedit -s" y un argumento de línea de comandos que termina con un solo carácter de barra invertida A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. • https://www.exploit-db.com/exploits/49521 https://www.exploit-db.com/exploits/49522 https://github.com/blasty/CVE-2021-3156 https://github.com/worawit/CVE-2021-3156 https://github.com/stong/CVE-2021-3156 https://github.com/reverse-ex/CVE-2021-3156 https://github.com/CptGibbon/CVE-2021-3156 https://github.com/Rvn0xsy/CVE-2021-3156-plus https://github.com/mr-r3b00t/CVE-2021-3156 https://github.com/0xdevil/CVE-2021-3156 https://github.com/unauth401/CVE-20 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •
CVE-2020-14782 – OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)
https://notcve.org/view.php?id=CVE-2020-14782
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html https://security.gentoo.org/glsa/202101-19 https://security.netapp.com/advisory/ntap-20201023-0004 https://www.debian.org/security/2020/dsa-4779 https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-14782 https://bugzilla.redhat.com/show_bug.cgi?id=1889290 • CWE-295: Improper Certificate Validation •
CVE-2020-14664 – Oracle Java Runtime Environment HTML Rendering Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-14664
Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. • https://security.gentoo.org/glsa/202209-15 https://security.netapp.com/advisory/ntap-20200717-0005 https://www.oracle.com/security-alerts/cpujul2020.html https://www.zerodayinitiative.com/advisories/ZDI-20-897 •