
CVSS: 5.5 • EPSS: 0% • CPEs: 31 • EXPL: 0

19 Mar 2021 — A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes ... • http://www.openwall.com/lists/oss-security/2021/03/19/9 • CWE-834: Excessive Iteration; CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 9.8 • EPSS: 1% • CPEs: 5 • EXPL: 1

19 Mar 2021 — Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code. • https://github.com/gettalong/kramdown/compare/REL_2_3_0...REL_2_3_1

CVSS: 8.6 • EPSS: 0% • CPEs: 7 • EXPL: 0

19 Mar 2021 — An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch • CWE-20: Improper Input Validation; CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

19 Mar 2021 — decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. It was discovered that BusyBox incorrectly handled certain malformed gzip archives... • https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.5 • EPSS: 2% • CPEs: 5 • EXPL: 1

17 Mar 2021 — In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. • https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce • CWE-400: Uncontrolled Resource Consumption; CWE-1333: Inefficient Regular Expression Complexity

CVSS: 8.8 • EPSS: 1% • CPEs: 3 • EXPL: 1

16 Mar 2021 — Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary ex... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 12% • CPEs: 3 • EXPL: 1

16 Mar 2021 — Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions les... • https://github.com/mehrzad1994/CVE-2021-21193 • CWE-416: Use After Free

CVSS: 8.8 • EPSS: 1% • CPEs: 3 • EXPL: 1

16 Mar 2021 — Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of ... • https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html • CWE-416: Use After Free

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

15 Mar 2021 — The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. • https://bugzilla.redhat.com/show_bug.cgi?id=1939051 • CWE-862: Missing Authorization; CWE-863: Incorrect Authorization

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

15 Mar 2021 — When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. • https://bugzilla.redhat.com/show_bug.cgi?id=1939046 • CWE-863: Incorrect Authorization