CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 2CVE-2021-3402
https://notcve.org/view.php?id=CVE-2021-3402
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4 Un desbordamiento de enteros y varias lecturas de desbordamiento de búfer en el archivo libyara/modules/macho/macho.c en YARA versiones v4.0.3 y anteriores, podrían permitir a un atacante causar una denegación de servicio o una divulgación de información por medio de un archivo Mach-O malicioso. Afecta a todas las versiones anteriores a libyara 4.0.4 • https://bugzilla.redhat.com/show_bug.cgi?id=1930175 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH https://www.openwall.com/lists/oss-security/2021/01/29/2 https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una desreferencia de NULL. Si un documento XML que no es confiable fue analizado en modo de recuperación y pos-comprobado, el fallo podría usarse para bloquear la aplicación. • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV https://security.gentoo.org/glsa/202107-05 https://security.netapp.com/advisory/ntap-20210625-0002 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 3CVE-2021-32613
https://notcve.org/view.php?id=CVE-2021-32613
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. En radare2 versiones hasta 5.3.0, se presenta una vulnerabilidad de doble liberación en el análisis de pyc mediante un archivo diseñado que puede conllevar a una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1959939 https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62 https://github.com/radareorg/radare2/issues/18666 https://github.com/radareorg/radare2/issues/18667 https://github.com/radareorg/radare2/issues/18679 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O https://lists.fedoraproject.org/archives/l • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27769
https://notcve.org/view.php?id=CVE-2020-27769
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. En ImageMagick versiones anteriores a 7.0.9-0, están fuera del rango de valores representables de tipo "float" en el archivo MagickCore/quantize.c • https://bugzilla.redhat.com/show_bug.cgi?id=1894690 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29510 – Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
https://notcve.org/view.php?id=CVE-2021-29510
Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. • https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468 https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2HT266L6Q7H6ICP7DFGXOGBJHNNKMKB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEFWM7DYKD2ZHE7R5YT5EQWJPV4ZKYRB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMKAJX4O6IGBBCE32CO2G7PZQCCQSBLV • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •