CVE-2021-28091 – lasso: XML signature wrapping vulnerability when parsing SAML responses
https://notcve.org/view.php?id=CVE-2021-28091
All versions of Lasso prior to 2.7.0 have improper verification of a cryptographic signature. An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. • http://listes.entrouvert.com/arc/lasso https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9 https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0 https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SI4YAQF4VEV2KHQ6OXXZL7CJK7IZQ3EG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSVWOHBBWLI2RB5C6TXINFEJRT4YSD3D https://www.debian.org • CWE-345: Insufficient Verification of Data Authenticity CWE-347: Improper Verification of Cryptographic Signature
CVE-2020-22044
https://notcve.org/view.php?id=CVE-2020-22044
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/8295 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2020-22041
https://notcve.org/view.php?id=CVE-2020-22041
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_buffersrc_add_frame_flags function in buffersrc. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/8296 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2020-22037
https://notcve.org/view.php?id=CVE-2020-22037
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html https://trac.ffmpeg.org/ticket/8281 https://www.debian.org/security/2021/dsa-4990 https://www.debian.org/security/2021/dsa-4998 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2020-22036
https://notcve.org/view.php?id=CVE-2020-22036
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html https://trac.ffmpeg.org/ticket/8261 https://www.debian.org/security/2021/dsa-4990 • CWE-787: Out-of-bounds Write