CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2021-27906 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
https://notcve.org/view.php?id=CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar una excepción OutOfMemory-Exception mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x • http://www.openwall.com/lists/oss-security/2021/03/19/10 https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3E https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.5EPSS: 0%CPEs: 31EXPL: 0CVE-2021-27807 – A carefully crafted PDF file can trigger an infinite loop while loading the file
https://notcve.org/view.php?id=CVE-2021-27807
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar un bucle infinito mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x • http://www.openwall.com/lists/oss-security/2021/03/19/9 https://lists.apache.org/thread.html/r043edc5dcf9199f7f882ed7906b41cb816753766e88b8792dbf319a9%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3E https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r4717f902f8bc36d47b3fa978552a25e4ed3ddc2fffb52b94fbc4ab36%40%3Cusers.pdfbox.apache.org%3E https://lists&# • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2021-28834
https://notcve.org/view.php?id=CVE-2021-28834
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Kramdown versiones anteriores a 2.3.1, no restringe los formateadores Rouge al espacio de nombres de Rouge::Formatters, y por lo tanto, pueden ser instancializadas clases arbitrarias • https://github.com/gettalong/kramdown/compare/REL_2_3_0...REL_2_3_1 https://github.com/gettalong/kramdown/pull/708 https://gitlab.com/gitlab-org/gitlab/-/commit/179329b5c3c118924fb242dc449d06b4ed6ccb66 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJCJVYHPY6LNUFM6LYZIAUIYOMVT5QGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S3BBLUIDCUUR3NEE4NJLOCCAV3ALQ3O6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28090
https://notcve.org/view.php?id=CVE-2021-28090
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. Tor versiones anteriores a 0.4.5.7, permite a un atacante remoto causar que autoridades del directorio de Tor salgan con un fallo de aserción, también se conoce como TROVE-2021-002 • https://blog.torproject.org/node/2009 https://bugs.torproject.org/tpo/core/tor/40316 https://gitlab.torproject.org/tpo/core/tor/-/issues/40316 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5 https://security.gentoo.org/glsa/202107-25 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28089
https://notcve.org/view.php?id=CVE-2021-28089
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. Tor versiones anteriores a 0.4.5.7, permite a un participante remoto en el protocolo de directorio de Tor agotar los recursos de la CPU en un objetivo, también se conoce como TROVE-2021-001 • https://blog.torproject.org/node/2009 https://gitlab.torproject.org/tpo/core/tor/-/issues/40304 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPDXB2GZHG3VNOTWSXQ3QZVHNV76WCU5 https://security.gentoo.org/glsa/202107-25 • CWE-400: Uncontrolled Resource Consumption •