CVE-2020-22048
https://notcve.org/view.php?id=CVE-2020-22048
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/8303 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2020-22046
https://notcve.org/view.php?id=CVE-2020-22046
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/8294 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2021-3468 – avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
https://notcve.org/view.php?id=CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. • https://bugzilla.redhat.com/show_bug.cgi?id=1939614 https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html https://lists.debian.org/debian-lts-announce/2023/06/msg00028.html https://access.redhat.com/security/cve/CVE-2021-3468 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-12067
https://notcve.org/view.php?id=CVE-2019-12067
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. • https://bugzilla.suse.com/show_bug.cgi?id=1145642 https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html https://security-tracker.debian.org/tracker/CVE-2019-12067 https://security.netapp.com/advisory/ntap-20210727-0001 • CWE-476: NULL Pointer Dereference
CVE-2018-10195
https://notcve.org/view.php?id=CVE-2018-10195
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. • http://www.ohse.de/uwe/software/lrzsz.html https://bugzilla.redhat.com/show_bug.cgi?id=1572058 https://lists.debian.org/debian-lts-announce/2022/01/msg00027.html https://lists.suse.com/pipermail/sle-security-updates/2018-April/003955.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931 https://lists.suse.com/pipermail/sle-security-updates/2018-April/003956.html?_ga=2.81625751.1026327980.1622040648-1950393542.1547130931 • CWE-190: Integer Overflow or Wraparound