CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39521
https://notcve.org/view.php?id=CVE-2021-39521
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. Se ha detectado un problema en libredwg versiones hasta 0.10.1.3751. Se presenta una desreferencia de puntero NULL en la función bit_read_BB() ubicada en el archivo bits.c. • https://github.com/LibreDWG/libredwg/issues/262 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-39522
https://notcve.org/view.php?id=CVE-2021-39522
20 Sep 2021 — An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. Se ha detectado un problema en libredwg en la versión 0.10.1.3751. La función bit_wcs2len() en el archivo bits.c presenta un desbordamiento del búfer en la región heap de la memoria • https://github.com/LibreDWG/libredwg/issues/255 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-39537 – Ubuntu Security Notice USN-6099-1
https://notcve.org/view.php?id=CVE-2021-39537
20 Sep 2021 — An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. Se ha detectado un problema en ncurses versiones hasta v6.2-1. La función _nc_captoinfo en el archivo captoinfo.c presenta un desbordamiento de búfer en la región heap de la memoria It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. • http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38354 – GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38354
09 Sep 2021 — The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. El plugin GNU-Mailman Integration de WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado por medio del parámetro gm_error encontrado en el archivo ~/includes/admin/mailing-lists-page.php que permite a atacantes inye... • https://plugins.trac.wordpress.org/browser/gnu-mailman-integration/trunk/includes/admin/mailing-lists-page.php?rev=859898#L34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40491
https://notcve.org/view.php?id=CVE-2021-40491
03 Sep 2021 — The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. El cliente ftp en GNU Inetutils versiones anteriores a 2.2, no comprueba las direcciones devueltas por las respuestas PASV/LSPV para asegurarse de que coinciden con la dirección del servidor. Esto es similar a CVE-2020-8284 para curl • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2021-38604 – Gentoo Linux Security Advisory 202208-24
https://notcve.org/view.php?id=CVE-2021-38604
12 Aug 2021 — In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix. En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vuln... • https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-38185 – cpio: integer overflow in ds_fgetstr() in dstring.c can lead to an out-of-bounds write via a crafted pattern file
https://notcve.org/view.php?id=CVE-2021-38185
07 Aug 2021 — GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. GNU cpio versiones hasta 2.13, permite a atacantes ejecutar código arbitrario por medio de un archivo de patrones diseñado, debido a un desbordamiento de enteros en el archivo dstring.c en la función ... • https://github.com/fangqyi/cpiopwn • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2021-35942 – glibc: Arbitrary read in wordexp()
https://notcve.org/view.php?id=CVE-2021-35942
22 Jul 2021 — The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. La función wordexp de la biblioteca GNU C (también se conoce como glibc) versiones hasta 2.33, puede bloquearse o leer memoria arbitraria en la función... • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-25051 – aspell: Heap-buffer-overflow in acommon::ObjStack::dup_top
https://notcve.org/view.php?id=CVE-2019-25051
20 Jul 2021 — objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). objstack en GNU Aspell versión 0.60.8, presenta un desbordamiento de búfer en la región heap de la memoria en la función acommon::ObjStack::dup_top (llamado desde acommon::StringMap::add y acommon::Config::lookup_list) GNU Aspell is a spell checker designed to eventually replace Ispell. It can either be used as a library or as an independent spe... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36080
https://notcve.org/view.php?id=CVE-2021-36080
01 Jul 2021 — GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). GNU LibreDWG versiones 0.12.3.4163 hasta 0.12.3.4191 presenta un double-free en la función bit_chain_free (llamado desde dwg_encode_MTEXT y dwg_encode_add_object) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31724 • CWE-415: Double Free •