Page 7 of 1215 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2021-3575 – openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution

https://notcve.org/view.php?id=CVE-2021-3575

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. Se encontró un desbordamiento de búfer en la región heap de la memoria en openjpeg en color.c:379:42 en sycc420_to_rgb cuando es descomprimido un archivo .j2k diseñado. Un atacante podría usar esto para ejecutar código arbitrario con los permisos de la aplicación compilada contra openjpeg A heap-based buffer overflow was found in OpenJPEG. This flaw allows an attacker to execute arbitrary code with the permissions of the application compiled against OpenJPEG. • https://bugzilla.redhat.com/show_bug.cgi?id=1957616 https://github.com/uclouvain/openjpeg/issues/1347 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP https://ubuntu.com/security/CVE-2021-3575 https://access.redhat.com/security/cve/CVE-2021-3575 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2021-3927 – Heap-based Buffer Overflow in vim/vim

https://notcve.org/view.php?id=CVE-2021-3927

vim is vulnerable to Heap-based Buffer Overflow vim es vulnerable a un Desbordamiento del Búfer en la región Heap de la memoria • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7 https://lists.fedoraproject.org/archives/list/package-announce% • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2021-3928 – Use of Uninitialized Variable in vim/vim

https://notcve.org/view.php?id=CVE-2021-3928

vim is vulnerable to Use of Uninitialized Variable vim es vulnerable al uso de una variable no inicializada • http://www.openwall.com/lists/oss-security/2022/01/15/1 https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BCQWPEY2AEYBELCMJYHYWYCD3PZVD2H7 https://lists.fedoraproject.org/archives/list/package-announce% • CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-27836

https://notcve.org/view.php?id=CVE-2021-27836

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Se ha detectado un problema en la función xls_getWorkSheet en el archivo xls.c en libxls 1.6.2, que permite a atacantes causar una denegación de servicio, por medio de un archivo XLS diseñado • https://github.com/libxls/libxls/issues/94 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5D7XXCVFYRRMI4ENXYSD3MZEBS6SMI7E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFOE4Z6T46LA47VXWUVET4ELXRZQ3BWB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6XOTFEOCHYKZAFCB6H3KNIIFJ3UFV7V • CWE-476: NULL Pointer Dereference •

CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-27820 – kernel: use-after-free in nouveau kernel module

https://notcve.org/view.php?id=CVE-2020-27820

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). Se ha encontrado una vulnerabilidad en el kernel de Linux, en la que un uso de memoria previamente liberada en el manejador postclose() de nouveau podría ocurrir si se quita el dispositivo (que no es común quitar la tarjeta de vídeo físicamente sin apagar, pero lo mismo ocurre si se "desvincula" el controlador) • https://bugzilla.redhat.com/show_bug.cgi?id=1901726 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline%40redhat.com https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline%40redhat.com https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline%40redhat.com https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-27820 https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com https://lore.kernel.org • CWE-416: Use After Free •