CVE-2021-21897
https://notcve.org/view.php?id=CVE-2021-21897
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
• https://lists.debian.org/debian-lts-announce/2022/06/msg00008.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BUOTYU3KKIYE4BEBUFA4MRS462P3OWM
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA4C4X5GMM65VYLUW7Q7YL6P5NDB633A
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMGMEPTYL7WTQ333J6SMC6MUHDMMWT3O
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2H36XRMAPQBIOVIIFX6KUT5
• CWE-191: Integer Underflow (Wrap or Wraparound)
• CWE-787: Out-of-bounds Write
CVE-2021-38714
https://notcve.org/view.php?id=CVE-2021-38714
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is in the ssgLoadTGA() function in the file src/ssg/ssgLoadTGA.cxx.
• https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU
• https://sourceforge.net/p/plib/bugs/55
• CWE-190: Integer Overflow or Wraparound
CVE-2021-23414 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code.
• https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1533588
• https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')