CVE-2021-31811 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading a tiny file
https://notcve.org/view.php?id=CVE-2021-31811
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
References:
http://www.openwall.com/lists/oss-security/2021/06/12/2
https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb%40%3Cnotifications.ofbiz.apache.org%3E
http
CWEs:
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-789: Memory Allocation with Excessive Size Value
CVE-2021-31812 – A carefully crafted PDF file can trigger an infinite loop while loading the file
https://notcve.org/view.php?id=CVE-2021-31812
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
References:
http://www.openwall.com/lists/oss-security/2021/06/12/1
https://lists.apache.org/thread.html/r132e9dbbe0ebdc08b39583d8be0a575fdba573d60a42d940228bceff%40%3Cnotifications.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r143fd8445e0e778f4a85187bd79438630b96b8040e9401751fdb8aea%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r179cc3b6822c167702ab35fe36093d5da4c99af44238c8a754c6860f%40%3Ccommits.ofbiz.apache.org%3E
https://lists.apache.org/thread.html/r2090789e4dcc2c87aacbd87d5f18e2d64dcb9f6eb7c47f5cf7d293cb%40%3Cnotifications.ofbiz.apache.org%3E
http
CWEs:
CWE-834: Excessive Iteration
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-22915
https://notcve.org/view.php?id=CVE-2021-22915
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.
References:
https://hackerone.com/reports/1154003
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGXGR6HYGQ6MZXISMJEHCOXRGRFRUFMA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S
https://nextcloud.com/security/advisory/?id=NC-SA-2021-009
CWEs:
CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2021-34557
https://notcve.org/view.php?id=CVE-2021-34557
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
References:
http://www.openwall.com/lists/oss-security/2021/06/11/1
http://www.openwall.com/lists/oss-security/2021/07/06/2
https://github.com/QubesOS/qubes-issues/issues/6595
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV
https://www.openwall.com/lists/o
CWEs:
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-34555
https://notcve.org/view.php?id=CVE-2021-34555
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
References:
https://github.com/trusteddomainproject/OpenDMARC/issues/179
https://github.com/trusteddomainproject/OpenDMARC/pull/178
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MAT4ZSWPQ5SUTMYCXRXI5SMTWL4AG7E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZHZD4WZDYRBB2XVW2EQ4DQ2KYMAGPUO
CWEs:
CWE-476: NULL Pointer Dereference