CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-20247 – Gentoo Linux Security Advisory 202208-15
https://notcve.org/view.php?id=CVE-2021-20247
23 Feb 2021 — A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. Se encontró un fallo en mbsync versiones anteriores a v1.3.5 y v1.4.1. Las comprobac... • https://bugzilla.redhat.com/show_bug.cgi?id=1928963 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-27842 – openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c
https://notcve.org/view.php?id=CVE-2020-27842
05 Jan 2021 — There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. Se presenta un fallo en el codificador t2 de openjpeg en versiones anteriores a 2.4.0. Un atacante que sea capaz de proporcionar una entrada diseñada para ser procesada por openjpeg podría causar una desreferencia del puntero null. • https://bugzilla.redhat.com/show_bug.cgi?id=1907513 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2020-27818 – Ubuntu Security Notice USN-6182-1
https://notcve.org/view.php?id=CVE-2020-27818
08 Dec 2020 — A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. Se encontró un fallo en la función check_chunk_name() de pngcheck-2.4.0. Un atacante capaz de pasar un archivo malicioso para ser procesado por pngcheck podría causar una denegación temporal de servicio, lo que supone un bajo riesgo para la disponibilidad de la aplicación. It was ... • https://github.com/13m0n4de/pngcheck-vulns • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2020-9274 – Gentoo Linux Security Advisory 202003-54
https://notcve.org/view.php?id=CVE-2020-9274
26 Feb 2020 — An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Se detectó un problema en Pure-FTPd versión 1.0.49. • https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.1EPSS: 4%CPEs: 12EXPL: 1CVE-2020-7106 – Gentoo Linux Security Advisory 202003-40
https://notcve.org/view.php?id=CVE-2020-7106
16 Jan 2020 — Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). Cacti versión 1.2.8, tiene un vulnerabilidad de tipo XSS almacenado en los archivos data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •