CVE-2021-25288
- EPSS 0.27%
- Published 02.06.2021 16:15:08
- Last modified 21.11.2024 05:54:41
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
CVE-2021-28676
- EPSS 0.37%
- Published 02.06.2021 16:15:08
- Last modified 21.11.2024 06:00:05
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
CVE-2021-28677
- EPSS 0.26%
- Published 02.06.2021 16:15:08
- Last modified 21.11.2024 06:00:06
An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking...
CVE-2021-28678
- EPSS 0.11%
- Published 02.06.2021 16:15:08
- Last modified 21.11.2024 06:00:06
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty dat...
CVE-2019-12067
- EPSS 0.17%
- Published 02.06.2021 15:15:07
- Last modified 21.11.2024 04:22:10
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
CVE-2021-28675
- EPSS 0.12%
- Published 02.06.2021 15:15:07
- Last modified 21.11.2024 06:00:05
An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.
- EPSS 0.02%
- Published 02.06.2021 14:15:07
- Last modified 21.11.2024 05:27:26
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This fla...
CVE-2021-3516
- EPSS 0.33%
- Published 01.06.2021 14:15:10
- Last modified 21.11.2024 06:21:43
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availabi...
CVE-2021-3543
- EPSS 0.1%
- Published 01.06.2021 14:15:10
- Last modified 21.11.2024 06:21:48
A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privil...
CVE-2021-23017
- EPSS 73.17%
- Published 01.06.2021 13:15:07
- Last modified 21.11.2024 05:51:09
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.