Show filters
2,221 Total Results
Displaying 111-120 of 2,221
Sort by:
Attacker Value
Unknown

CVE-2021-3409

Disclosure Date: March 23, 2021 (last updated February 22, 2025)
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
Attacker Value
Unknown

CVE-2021-20270

Disclosure Date: March 23, 2021 (last updated February 22, 2025)
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Attacker Value
Unknown

CVE-2021-3416

Disclosure Date: March 18, 2021 (last updated February 22, 2025)
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
Attacker Value
Unknown

CVE-2020-35524

Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Attacker Value
Unknown

CVE-2020-35523

Disclosure Date: March 09, 2021 (last updated February 22, 2025)
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Attacker Value
Unknown

CVE-2021-20244

Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Attacker Value
Unknown

CVE-2021-20246

Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Attacker Value
Unknown

CVE-2021-20245

Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Attacker Value
Unknown

CVE-2020-36183

Disclosure Date: January 07, 2021 (last updated February 22, 2025)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
Attacker Value
Unknown

CVE-2020-36179

Disclosure Date: January 07, 2021 (last updated February 22, 2025)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.