
CVE-2021-23215 – Debian Security Advisory 5299-1
https://notcve.org/view.php?id=CVE-2021-23215
05 May 2021 — An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. An update that fixes 5 vulnerabilities is now available. This u... • https://bugzilla.redhat.com/show_bug.cgi?id=1947586 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •

CVE-2021-31542 – django: Potential directory-traversal via uploaded files
https://notcve.org/view.php?id=CVE-2021-31542
04 May 2021 — In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. A flaw was found in Django. `MultiPartParser`, `... • http://www.openwall.com/lists/oss-security/2021/05/04/3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2021-3426 – python: Information disclosure via pydoc
https://notcve.org/view.php?id=CVE-2021-3426
03 May 2021 — There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. • https://bugzilla.redhat.com/show_bug.cgi?id=1935913 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2021-31870 – Ubuntu Security Notice USN-5379-1
https://notcve.org/view.php?id=CVE-2021-31870
30 Apr 2021 — An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. • http://www.openwall.com/lists/oss-security/2021/04/30/1 • CWE-190: Integer Overflow or Wraparound •

CVE-2021-31872 – Ubuntu Security Notice USN-5379-1
https://notcve.org/view.php?id=CVE-2021-31872
30 Apr 2021 — An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. It was discovered that klibc did not properly perform some mathematical operations, leading to an i... • http://www.openwall.com/lists/oss-security/2021/04/30/1 • CWE-190: Integer Overflow or Wraparound •

CVE-2021-31871 – Ubuntu Security Notice USN-5379-1
https://notcve.org/view.php?id=CVE-2021-31871
30 Apr 2021 — An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. • http://www.openwall.com/lists/oss-security/2021/04/30/1 • CWE-190: Integer Overflow or Wraparound •

CVE-2021-31873 – Ubuntu Security Notice USN-5379-1
https://notcve.org/view.php?id=CVE-2021-31873
30 Apr 2021 — An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. It was discovered that klibc did not properly perform some mathematical operations, leading to an integer overflow. • http://www.openwall.com/lists/oss-security/2021/04/30/1 • CWE-190: Integer Overflow or Wraparound •

CVE-2021-20254 – samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token
https://notcve.org/view.php?id=CVE-2021-20254
30 Apr 2021 — A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=1949442 • CWE-125: Out-of-bounds Read •

CVE-2020-18032 – graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c
https://notcve.org/view.php?id=CVE-2020-18032
29 Apr 2021 — Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. • https://gitlab.com/graphviz/graphviz/-/issues/1700 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-193: Off-by-one Error •

CVE-2021-21417 – Use after free in fluidsynth
https://notcve.org/view.php?id=CVE-2021-21417
29 Apr 2021 — fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file. • https://github.com/FluidSynth/fluidsynth/issues/808 • CWE-416: Use After Free •