Show filters
2,221 Total Results
Displaying 111-120 of 2,221
Sort by:
Attacker Value
Unknown
CVE-2021-3409
Disclosure Date: March 23, 2021 (last updated February 22, 2025)
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.
0
Attacker Value
Unknown
CVE-2021-20270
Disclosure Date: March 23, 2021 (last updated February 22, 2025)
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
0
Attacker Value
Unknown
CVE-2021-3416
Disclosure Date: March 18, 2021 (last updated February 22, 2025)
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.
0
Attacker Value
Unknown
CVE-2020-35524
Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
0
Attacker Value
Unknown
CVE-2020-35523
Disclosure Date: March 09, 2021 (last updated February 22, 2025)
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
0
Attacker Value
Unknown
CVE-2021-20244
Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
0
Attacker Value
Unknown
CVE-2021-20246
Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
0
Attacker Value
Unknown
CVE-2021-20245
Disclosure Date: March 09, 2021 (last updated February 22, 2025)
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
0
Attacker Value
Unknown
CVE-2020-36183
Disclosure Date: January 07, 2021 (last updated February 22, 2025)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
0
Attacker Value
Unknown
CVE-2020-36179
Disclosure Date: January 07, 2021 (last updated February 22, 2025)
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
0