CVE-2021-38714
https://notcve.org/view.php?id=CVE-2021-38714
In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is in the ssgLoadTGA() function in the file src/ssg/ssgLoadTGA.cxx.
• https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7HT3BKNAXLDY246UPUNRSBPGGVANRDOU
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OTVSAKNCEYVMVAURQSB5GNA2MWL4XDPH
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5SML6W6Z2B6THT76VPUKUFYQJABODFU
• https://sourceforge.net/p/plib/bugs/55
• CWE-190: Integer Overflow or Wraparound
CVE-2021-20247
https://notcve.org/view.php?id=CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Mailbox names returned by IMAP LIST/LSUB are not validated, allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity.
• https://bugzilla.redhat.com/show_bug.cgi?id=1928963
• https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXQLCK35QGRCRENRTGKJO4VVZGUXUJJ
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDEBZQJMWDW5JFK4NTHH6DAFNAZTESW
• https://security.gentoo.org/glsa/202208-15
• https://www.openwall.com/lists/oss-security/2021/02/22/1
• CWE-20: Improper Input Validation
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27842 – openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
https://notcve.org/view.php?id=CVE-2020-27842
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
• https://bugzilla.redhat.com/show_bug.cgi?id=1907513
• https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV
• https://security.gentoo.org/glsa/202101-29
• https://www.debian.org/security/2021/dsa-4882
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://access.redhat.com/security/cve/CVE-2020-27842
• CWE-125: Out-of-bounds Read
CVE-2020-27818
https://notcve.org/view.php?id=CVE-2020-27818
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
• https://bodhi.fedoraproject.org/updates/FEDORA-2020-04d5e1ce26
• https://bodhi.fedoraproject.org/updates/FEDORA-2020-23432b7b72
• https://bodhi.fedoraproject.org/updates/FEDORA-2020-27b168926a
• https://bodhi.fedoraproject.org/updates/FEDORA-2020-4349e95c4f
• https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad
• https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069
• https://bugzilla.redhat.com/show_bug.cgi?id=1902011
• https://lists.debian.org/debian-lts-announce/2022/05/msg00043.html
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-125: Out-of-bounds Read
CVE-2020-7106
https://notcve.org/view.php?id=CVE-2020-7106
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html
• https://github.com/Cacti/cacti/issues/3191
• https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html
• https://lists
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')