NotCVE - vendor:"Fedoraproject" product:"Fedora" version:"33"

Page 96 of 1215 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2020-27823 – openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode()

https://notcve.org/view.php?id=CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el codificador de OpenJPEG. Este fallo permite a un atacante pasar una entrada de desplazamiento x,y especialmente diseñada a OpenJPEG para usarla durante la codificación. • https://bugzilla.redhat.com/show_bug.cgi?id=1905762 https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV https://www.debian.org/security/2021/dsa-4882 https://access.redhat.com/security/cve/CVE-2020-27823 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-27824 – openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes()

https://notcve.org/view.php?id=CVE-2020-27824

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el codificador de OpenJPEG en la función opj_dwt_calc_explicit_stepsizes(). Este fallo permite a un atacante que puede suministrar una entrada diseñada a niveles de descomposición para causar un desbordamiento del búfer. • https://bugzilla.redhat.com/show_bug.cgi?id=1905723 https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV https://www.debian.org/security/2021/dsa-4882 https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2020- • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 11%CPEs: 6EXPL: 1

CVE-2021-29472 – Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer

https://notcve.org/view.php?id=CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. • https://blog.sonarsource.com/php-supply-chain-attack-on-composer https://getcomposer.org https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx https://lists.debian.org/debian-lts-announce/2021/05/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FAQUAMGO4Q4BLNZ2OH4CXQD7UK4IO2GE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KN3DMFH42BJW45VT6FYF2RXKC26D6VC2 https://www.debian.org/security/2021/dsa-4 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2021-21225

https://notcve.org/view.php?id=CVE-2021-21225

Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un acceso a la memoria fuera de límites en V8 en Google Chrome versiones anteriores a 90.0.4430.85, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html https://crbug.com/1195977 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-787: Out-of-bounds Write •

CVSS: 9.6EPSS: 1%CPEs: 5EXPL: 0

CVE-2021-21226

https://notcve.org/view.php?id=CVE-2021-21226

Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Un uso de la memoria previamente liberada en navigation en Google Chrome versiones anteriores a 90.0.4430.85, permitía a un atacante remoto que había comprometido el proceso del renderizador llevar a cabo potencialmente un escape del sandbox por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html https://crbug.com/1197904 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A https://security.gentoo.org/glsa/202104-08 https:/ • CWE-416: Use After Free •

1...94 95 96 97 98