CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38714 – Ubuntu Security Notice USN-6353-1
https://notcve.org/view.php?id=CVE-2021-38714
24 Aug 2021 — In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. En Plib versiones hasta 1.85, se presenta una vulnerabilidad de desbordamiento de enteros que podría resultar en una ejecución de código arbitrario. La vulnerabilidad es encontrada en la función ssgLoadTGA() del archivo src/ssg/ssgLoadTGA.cxx. Wooseok Kang discovered that PLIB did not properly manage memory under c... • https://lists.debian.org/debian-lts-announce/2021/10/msg00000.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-27842 – openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
https://notcve.org/view.php?id=CVE-2020-27842
05 Jan 2021 — There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Se presenta un fallo en el codificador t2 de openjpeg en versiones anteriores a 2.4.0. Un atacante que sea capaz de proporcionar una entrada diseñada para ser procesada por openjpeg podría causar una desreferencia del puntero null. • https://bugzilla.redhat.com/show_bug.cgi?id=1907513 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-27818 – Ubuntu Security Notice USN-6182-1
https://notcve.org/view.php?id=CVE-2020-27818
06 Dec 2020 — A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. Se encontró un fallo en la función check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podría causar una denegación temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicación. An upda... • https://github.com/13m0n4de/pngcheck-vulns • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2020-9274 – Gentoo Linux Security Advisory 202003-54
https://notcve.org/view.php?id=CVE-2020-9274
26 Feb 2020 — An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Se detectó un problema en Pure-FTPd versión 1.0.49. • https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.1EPSS: 4%CPEs: 12EXPL: 1CVE-2020-7106 – Gentoo Linux Security Advisory 202003-40
https://notcve.org/view.php?id=CVE-2020-7106
16 Jan 2020 — Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •