
CVE-2020-21535 – Ubuntu Security Notice USN-5864-1
https://notcve.org/view.php?id=CVE-2020-21535
16 Sep 2021 — fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered ... • https://cwe.mitre.org/data/definitions/125.html • CWE-125: Out-of-bounds Read

CVE-2020-21534 – Ubuntu Security Notice USN-5864-1
https://notcve.org/view.php?id=CVE-2020-21534
16 Sep 2021 — fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discov... • https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2020-21533
https://notcve.org/view.php?id=CVE-2020-21533
16 Sep 2021 — fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. • https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html • CWE-787: Out-of-bounds Write

CVE-2020-21530 – Ubuntu Security Notice USN-5864-1
https://notcve.org/view.php?id=CVE-2020-21530
16 Sep 2021 — fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. Frederic Cambus discovered that Fig2dev incorrectly handled certain image files. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that... • https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html

CVE-2021-41079 – Apache Tomcat DoS with unexpected TLS packet
https://notcve.org/view.php?id=CVE-2021-41079
16 Sep 2021 — Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. • https://lists.apache.org/thread.html/r6b6b674e3f168dd010e67dbe6848b866e2acf26371452fdae313b98a%40%3Cusers.tomcat.apache.org%3E • CWE-20: Improper Input Validation • CWE-400: Uncontrolled Resource Consumption • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
16 Sep 2021 — A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the ht... • https://github.com/sixpacksecurity/CVE-2021-40438 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2021-39275 – ap_escape_quotes buffer overflow
https://notcve.org/view.php?id=CVE-2021-39275
16 Sep 2021 — ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. • https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf • CWE-787: Out-of-bounds Write

CVE-2021-36160 – mod_proxy_uwsgi out of bound read
https://notcve.org/view.php?id=CVE-2021-36160
16 Sep 2021 — A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated atta... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-125: Out-of-bounds Read

CVE-2021-34798 – NULL pointer dereference in httpd core
https://notcve.org/view.php?id=CVE-2021-34798
16 Sep 2021 — Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-476: NULL Pointer Dereference

CVE-2020-21529
https://notcve.org/view.php?id=CVE-2020-21529
16 Sep 2021 — fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. • https://lists.debian.org/debian-lts-announce/2021/10/msg00002.html • CWE-787: Out-of-bounds Write