CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35522 – libtiff: Memory allocation failure in tiff2rgba
https://notcve.org/view.php?id=CVE-2020-35522
09 Mar 2021 — In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. En LibTIFF, se presenta un fallo de memoria malloc en el archivo tif_pixarlog.c. Un documento TIFF diseñado puede conllevar a un aborto, resultando en un ataque de denegación de servicio remota It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of ser... • https://bugzilla.redhat.com/show_bug.cgi?id=1932037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20245 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20245
09 Mar 2021 — A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo coders/webp.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de división matemática por cero. • https://bugzilla.redhat.com/show_bug.cgi?id=1928943 • CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20244 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20244
09 Mar 2021 — A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo MagickCore/visual-effects.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de divisió... • https://bugzilla.redhat.com/show_bug.cgi?id=1928959 • CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20246 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20246
09 Mar 2021 — A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo MagickCore/resample.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de división matemática... • https://bugzilla.redhat.com/show_bug.cgi?id=1928941 • CWE-369: Divide By Zero •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 1CVE-2020-25639 – Ubuntu Security Notice USN-4949-1
https://notcve.org/view.php?id=CVE-2020-25639
04 Mar 2021 — A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. Se encontró un fallo de desreferencia del puntero NULL en la funcionalidad del controlador GPU Nouveau del kernel de Linux en versiones anteriores a 5.12-rc1, en la manera en que el usuario llama a ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. Este fallo permite que un usuari... • https://bugzilla.redhat.com/show_bug.cgi?id=1876995 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-35523 – libtiff: Integer overflow in tif_getimage.c
https://notcve.org/view.php?id=CVE-2020-35523
26 Feb 2021 — An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c. Este fallo permite a un atacante inyectar y ejecutar código arbitrario cuando un usuario abre un archivo ... • https://bugzilla.redhat.com/show_bug.cgi?id=1932040 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25657 – m2crypto: bleichenbacher timing attacks in the RSA decryption API
https://notcve.org/view.php?id=CVE-2020-25657
12 Jan 2021 — A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en todas las versiones publicadas de m2crypto, donde son vulnerables a ataques de sincronización de Bleichenbacher en la API de descifrado RSA por medio del procesamiento cronometrado de texto cifrado PKCS#1 versión v1.5 válido... • https://bugzilla.redhat.com/show_bug.cgi?id=1889823 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 2CVE-2020-27777 – kernel: powerpc: RTAS calls can be used to compromise kernel integrity
https://notcve.org/view.php?id=CVE-2020-27777
15 Dec 2020 — A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. Se encontró un fallo en la manera en que RTAS manejaba los accesos a la memoria en el espacio de usuario para la comunicación del kernel. En un sistema invitado bloqueado (generalm... • https://bugzilla.redhat.com/show_bug.cgi?id=1900844 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-27776 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27776
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/statistic.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1898304 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27773
https://notcve.org/view.php?id=CVE-2020-27773
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore... • https://bugzilla.redhat.com/show_bug.cgi?id=1898295 • CWE-369: Divide By Zero •