CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20270 – python-pygments: Infinite loop in SML lexer may lead to DoS
https://notcve.org/view.php?id=CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. Un bucle infinito en SMLLexer en Pygments versiones 1.5 hasta 2.7.3, puede conllevar a una denegación de servicio cuando se lleva a cabo el resaltado de sintaxis de un archivo fuente de Standard ML (SML), como es demostrado por la entrada que solo contiene la palabra clave "exception" • https://bugzilla.redhat.com/show_bug.cgi?id=1922136 https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html https://www.debian.org/security/2021/dsa-4889 https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-20270 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-1844 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-1844
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con una comprobación mejorada. Este problema es corregido en iOS versión 14.4.1 y iPadOS versión 14.4.1, Safari versión 14.0.3 (versiones v.14610.4.3.1.7 y 15610.4.3.1.7), watchOS versión 7.3.2, macOS Big Sur versión 11.2.3. • http://seclists.org/fulldisclosure/2021/Apr/55 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://support.apple.com/en-us/HT212220 https://support.apple.com/en-us/HT212221 https://support.apple.com/en-us/HT212222 https://support.apple.com/en-us/HT212223 https://support.apple.com/kb/HT212323 https://www.debian.org/security/2021/dsa-4923 https://access.redhat.com/security/cve/CVE-2021-1844 https://b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20246
https://notcve.org/view.php?id=CVE-2021-20246
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo MagickCore/resample.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de división matemática por cero. • https://bugzilla.redhat.com/show_bug.cgi?id=1928941 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html • CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20245
https://notcve.org/view.php?id=CVE-2021-20245
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo coders/webp.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de división matemática por cero. • https://bugzilla.redhat.com/show_bug.cgi?id=1928943 https://github.com/ImageMagick/ImageMagick/issues/3176 https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html • CWE-369: Divide By Zero •
CVSS: 8.0EPSS: 85%CPEs: 21EXPL: 12CVE-2021-21300 – malicious repositories can execute remote code while cloning
https://notcve.org/view.php?id=CVE-2021-21300
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. • https://github.com/AlkenePan/CVE-2021-21300 https://github.com/Maskhe/CVE-2021-21300 https://github.com/1uanWu/CVE-2021-21300 https://github.com/Roboterh/CVE-2021-21300 https://github.com/Saboor-Hakimi-23/CVE-2021-21300 https://github.com/Kirill89/CVE-2021-21300 https://github.com/erranfenech/CVE-2021-21300 https://github.com/fengzhouc/CVE-2021-21300 https://github.com/danshuizhangyu/CVE-2021-21300 https://github.com/Faisal78123/CVE-2021-21300 http://packetstormsecurity. • CWE-59: Improper Link Resolution Before File Access ('Link Following') •