CVE-2020-21684
A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Source: CVE-2020-21684
CVE-2020-21684
A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Source: CVE-2020-21684
CVE-2020-21681
A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Source: CVE-2020-21681
CVE-2020-21682
A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Source: CVE-2020-21682
CVE-2020-21677
A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.
Source: CVE-2020-21677
CVE-2020-21678
A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.
Source: CVE-2020-21678
CVE-2020-21676
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Source: CVE-2020-21676
CVE-2021-37390
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
Source: CVE-2021-37390
CVE-2021-37389
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
Source: CVE-2021-37389
CVE-2021-33708
Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice and escalate privileges.
Source: CVE-2021-33708
CVE-2021-29296
** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched.
Source: CVE-2021-29296