CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 1CVE-2021-3516 – libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3516
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. Se encontró un fallo en xmllint de libxml2 en versiones anteriores a 2.9.11. Un atacante que es capaz de enviar un archivo diseñado para ser procesado por xmllint podría desencadenar un uso de la memoria previamente liberada. • https://bugzilla.redhat.com/show_bug.cgi?id=1954225 https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV https://security& • CWE-416: Use After Free •
CVSS: 8.8EPSS: 4%CPEs: 40EXPL: 1CVE-2021-29505 – XStream is vulnerable to a Remote Command Execution attack
https://notcve.org/view.php?id=CVE-2021-29505
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. XStream es un software para serializar objetos Java a XML y viceversa. • https://github.com/MyBlackManba/CVE-2021-29505 https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP https://lists.f • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 14%CPEs: 5EXPL: 0CVE-2021-33620 – squid: denial of service in HTTP response processing
https://notcve.org/view.php?id=CVE-2021-33620
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6, permite a servidores remotos causar una denegación de servicio (afectando la disponibilidad para todos los clientes) por medio de una respuesta HTTP. El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa por parte del servidor An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-a • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-22032
https://notcve.org/view.php?id=CVE-2020-22032
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. Se presenta una vulnerabilidad de Desbordamiento del Búfer en la región stack de la memoria en FFmpeg versión 4.2, en la biblioteca libavfilter/vf_edgedetect.c en la función gaussian_blur, que podría conllevar a una corrupción en la memoria y otras potenciales consecuencias • https://cwe.mitre.org/data/definitions/122.html https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://trac.ffmpeg.org/ticket/8275 https://www.debian.org/security/2021/dsa-4990 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-22016
https://notcve.org/view.php?id=CVE-2020-22016
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. Una vulnerabilidad de Desbordamiento del Búfer en la región stack de la memoria en FFmpeg versión 4.2 en la biblioteca libavcodec/get_bits.h al escribir archivos .mov, que podría conllevar a una corrupción en la memoria y otras potenciales consecuencias • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://trac.ffmpeg.org/ticket/8183 https://www.debian.org/security/2021/dsa-4990 • CWE-787: Out-of-bounds Write •