CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-30469
https://notcve.org/view.php?id=CVE-2021-30469
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. Se encontró un fallo en PoDoFo versión 0.9.7. Un uso de la memoria previamente liberada en la función PoDoFo::PdfVecObjects::Clear() puede causar una denegación de servicio por medio de un archivo PDF diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1947433 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3527
https://notcve.org/view.php?id=CVE-2021-3527
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. Se encontró un fallo en el dispositivo redirector USB (usb-redir) de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1955695 https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986 https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20210708-0008 https://www.openwall.com/lists/oss-security/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20486
https://notcve.org/view.php?id=CVE-2021-20486
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668. IBM Cloud Pak for Data versión 3.0, podría permitir a un usuario autenticado obtener información confidencial cuando es instalado con plugins adicionales. IBM X-Force ID: 197668 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197668 https://www.ibm.com/support/pages/node/6456033 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-25014 – libwebp: use of uninitialized value in ReadSymbol()
https://notcve.org/view.php?id=CVE-2018-25014
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). Se encontró un uso de valor no inicializado en libwebp en versiones anteriores a la 1.0.1 en ReadSymbol() A flaw was found in libwebp. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496 https://bugzilla.redhat.com/show_bug.cgi?id=1956927 https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52 https://access.redhat.com/security/cve/CVE-2018-25014 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25013 – libwebp: out-of-bounds read in ShiftBytes()
https://notcve.org/view.php?id=CVE-2018-25013
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en ShiftBytes() A flaw was found in libwebp. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417 https://bugzilla.redhat.com/show_bug.cgi?id=1956926 https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6 https://access.redhat.com/security/cve/CVE-2018-25013 • CWE-125: Out-of-bounds Read •