CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-21899
https://notcve.org/view.php?id=CVE-2021-21899
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dwgCompressor::copyCompBytes21 de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dwg especialmente diseñado puede conllevar a un desbordamiento del búfer de la pila. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 https://www.debian.org/security/2022/dsa-5077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 1CVE-2021-21898
https://notcve.org/view.php?id=CVE-2021-21898
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dwgCompressor::decompress18() de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dwg especialmente diseñado puede conllevar a una escritura fuera de límites. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349 https://www.debian.org/security/2022/dsa-5077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-21900
https://notcve.org/view.php?id=CVE-2021-21900
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de código en la funcionalidad dxfRW::processLType() de LibreCad libdxfrw versión 2.2.0-rc2-19-ge02f3580. Un archivo .dxf especialmente diseñado puede conllevar a una vulnerabilidad de uso de memoria previamente liberada. • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ https://security.gentoo.org/glsa/202305-26 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351 https://www.debian.org/security/2022/dsa-5077 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14312
https://notcve.org/view.php?id=CVE-2020-14312
A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Se encontró un fallo en la configuración predeterminada de dnsmasq, como es enviado con Fedora versiones anteriores a 31 y en todas las versiones de Red Hat Enterprise Linux, donde escucha en cualquier interfaz y acepta consultas de direcciones fuera de su subred local. • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2010-5304
https://notcve.org/view.php?id=CVE-2010-5304
A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. Se encontró un fallo de desreferencia del puntero NULL en la manera en que LibVNCServer versiones anteriores a 0.9.9 manejaba determinado mensaje de ClientCutText. Un atacante remoto podría utilizar este fallo para bloquear el servidor VNC mediante el envío de un mensaje ClientCutText especialmente diseñado desde un cliente VNC. • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139814.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140219.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html http://seclists.org/oss-sec/2014/q3/639 http://www.openwall.com/lists/oss-security/2014/09/23/6 • CWE-476: NULL Pointer Dereference •