
CVE-2020-36476 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2020-36476
23 Aug 2021 — An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory. Multip... • https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVE-2020-36478 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2020-36478
23 Aug 2021 — An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. ... • https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf • CWE-295: Improper Certificate Validation •

CVE-2021-39365 – grilo: missing TLS certificate verification
https://notcve.org/view.php?id=CVE-2021-39365
22 Aug 2021 — In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. Michael Catanzaro reported a problem in Grilo, a ... • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification • CWE-295: Improper Certificate Validation •

CVE-2021-38171 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38171
21 Aug 2021 — adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. It was discovered that FFmpeg would attempt to divide by zero when using Linear Pred... • https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6 • CWE-252: Unchecked Return Value •

CVE-2021-37698 – Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer
https://notcve.org/view.php?id=CVE-2021-37698
19 Aug 2021 — Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version ... • https://github.com/Icinga/icinga2/releases/tag/v2.11.11 • CWE-295: Improper Certificate Validation •

CVE-2021-37695 – Execution of JavaScript code using malformed HTML in ckeditor
https://notcve.org/view.php?id=CVE-2021-37695
12 Aug 2021 — ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed injection of malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. • https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-38291 – Gentoo Linux Security Advisory 202312-14
https://notcve.org/view.php?id=CVE-2021-38291
12 Aug 2021 — FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion failure at src/libavutil/mathematics.c. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ub... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-617: Reachable Assertion •

CVE-2020-21675
https://notcve.org/view.php?id=CVE-2020-21675
10 Aug 2021 — A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. • https://cwe.mitre.org/data/definitions/121.html • CWE-787: Out-of-bounds Write •

CVE-2020-21676
https://notcve.org/view.php?id=CVE-2020-21676
10 Aug 2021 — A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. • https://cwe.mitre.org/data/definitions/121.html • CWE-787: Out-of-bounds Write •

CVE-2021-38198 – Ubuntu Security Notice USN-5116-1
https://notcve.org/view.php?id=CVE-2021-38198
08 Aug 2021 — arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An atta... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11 •