CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2021-20307
https://notcve.org/view.php?id=CVE-2021-20307
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values. Una vulnerabilidad de cadena de formato en la función panoFileOutputNamesCreate() en libpano versiones 13 2.9.20~rc2+dfsg-3 y anteriores, puede conllevar a leer y escribir valores de memoria arbitrarios • https://bugzilla.redhat.com/show_bug.cgi?id=1946284 https://lists.debian.org/debian-lts-announce/2021/04/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVJRXUOBN56ZWP6QQ3NTA6DIFZMDZAEQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE6YZSXNVD6WZ3AG3ENL2DIHQFF24LYX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VYDYBKHT2MNMQCUMAVJNZW4VH6MD5BOF https://security.gentoo.org/glsa/202107-47 ht • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2021-20308
https://notcve.org/view.php?id=CVE-2021-20308
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. El desbordamiento de enteros en htmldoc versiones 1.9.11 y anteriores, puede permitir a atacantes ejecutar código arbitrario y causar una denegación de servicio similar a CVE-2017-9181 • https://bugzilla.redhat.com/show_bug.cgi?id=1946289 https://github.com/michaelrsweet/htmldoc/issues/423 https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0CVE-2021-20305 – nettle: Out of bounds memory access in signature verification
https://notcve.org/view.php?id=CVE-2021-20305
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en Nettle en versiones anteriores a 3.7.2, donde varias funciones de comprobación de firma de Nettle (GOST DSA, EDDSA y ECDSA) resultan en la función de multiplicación del punto Elliptic Curve Cryptography (ECC) ser llamados con escaladores fuera de rango, posiblemente resultando en resultados incorrectos. Este fallo permite a un atacante forzar una firma no válida, causando un fallo de aserción o una posible validación. • https://bugzilla.redhat.com/show_bug.cgi?id=1942533 https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63 https://security.gentoo.org/glsa/202105-31 https://security.netapp.com/advisory/ntap-20211022-0002 https://www.debian.org/security/2021/dsa-4933 https://access.redhat.com/security/cve/CVE-2021-20305 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10001 – cups: access to uninitialized buffer in ipp.c
https://notcve.org/view.php?id=CVE-2020-10001
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. Se abordó un problema de comprobación de la entrada con un manejo de la memoria mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. • https://lists.debian.org/debian-lts-announce/2021/10/msg00027.html https://support.apple.com/en-us/HT212011 https://access.redhat.com/security/cve/CVE-2020-10001 https://bugzilla.redhat.com/show_bug.cgi?id=1921680 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30002 – kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
https://notcve.org/view.php?id=CVE-2021-30002
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.3, cuando se presenta un dispositivo webcam. video_usercopy en el archivo drivers/media/v4l2-core/v4l2-ioctl.c, presenta una pérdida de memoria para argumentos grandes, también se conoce como CID-fb18802a338b. A flaw memory leak in the Linux kernel webcam device functionality was found in the way user calls ioctl that triggers video_usercopy function. The highest threat from this vulnerability is to system availability. • https://bugzilla.suse.com/show_bug.cgi?id=1184120 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899 https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://access.redhat.com/security/cve/CVE-2021-30002 https://bugzilla.redhat.com/show_bug.cgi?id=1946279 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •