CVE-2020-21596
libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file. Date published : 2021-09-16 https://github.com/strukturag/libde265/issues/236
Monthly Archive: September 2021
CVE-2020-21595
libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file. Date published : 2021-09-16 https://github.com/strukturag/libde265/issues/239
CVE-2020-21594
libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file. Date published : 2021-09-16 https://github.com/strukturag/libde265/issues/233
CVE-2020-21535
fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/62/
CVE-2020-21534
fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/58/
CVE-2020-21533
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/59/
CVE-2020-21532
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/64/
CVE-2020-21531
fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/63/
CVE-2020-21530
fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/61/
CVE-2020-21529
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. Date published : 2021-09-16 https://sourceforge.net/p/mcj/tickets/65/
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version
CVE-2020-14124
There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. Date published : 2021-09-16 https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=17
CVE-2020-14119
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 Date published : 2021-09-16 https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=16
CVE-2020-14109
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 Date published : 2021-09-16 https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=25&locale=zh