CVE-2021-36489
https://notcve.org/view.php?id=CVE-2021-36489
Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. • https://github.com/liballeg/allegro5/issues/1251 • CWE-787: Out-of-bounds Write •
CVE-2021-43978
https://notcve.org/view.php?id=CVE-2021-43978
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. Allegro Windows versión 3.3.4152.0, inserta las credenciales de la base de datos del administrador del software en sus archivos binarios, lo que permite a usuarios acceder y modificar los datos usando las mismas credenciales • https://excellium-services.com/cert-xlm-advisory/CVE-2021-43978 https://www.allegro.be • CWE-522: Insufficiently Protected Credentials •
CVE-2021-42110
https://notcve.org/view.php?id=CVE-2021-42110
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. Se ha detectado un problema en Allegro Windows (anteriormente Popsy Windows) versiones anteriores a 3.3.4156.1. Un usuario estándar puede escalar privilegios a SYSTEM si el módulo FTP está instalado, debido al secuestro de DLL • http://www.popsy.com/Documents/Setups/Setup.Allegro.3.3.4154.2.exe https://excellium-services.com/cert-xlm-advisory/CVE-2021-42110 •