Tag

#debian

CVE-2021-45911: #1002687 - gif2apng: Heap based buffer overflow in processing of delays in the main function

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.

CVE-2021-45908: #1002669 - gif2apng: Two stack based buffer overflows in the DecodeLZW function

An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.

CVE-2021-45910: #1002667 - gif2apng: Heap based buffer overflow in the main function

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.

CVE-2021-45909: #1002668 - gif2apng: Heap based buffer overflow in the DecodeLZW function

An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.

CVE-2020-16154: App::cpanminus

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.

CVE-2021-43117: fastadmin v1.2.1 file upload getshell · Issue #1 · ambitiousleader/some-automated-script

fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access.

CVE-2021-38759: Raspberry Pi Documentation - Configuration

Raspberry Pi OS through 5.10 has the default password "raspberry" for the pi account. If it is not changed, attackers can gain administrator privileges.

CVE-2021-43687: GitHub - chamilo/chamilo-lms at v1.11.14

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

CVE-2021-41679: SQL INJECTION IN FUNCTION /INPUTFINALGRADES.PHP · Issue #204 · OS4ED/openSIS-Classic

A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can issue SQL commands through the period parameter of /opensis/modules/grades/InputFinalGrades.php.