CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

04 Jun 2021 — SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.) • https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 6.5 • EPSS: 1% • CPEs: 3 • EXPL: 1

02 Jun 2021 — A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c. Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=6f2a3958cfac135c60b509a61a4fd39432d8f9a9 • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.5 • EPSS: 1% • CPEs: 3 • EXPL: 1

02 Jun 2021 — A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c. Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=373c1c9b691fd4c6831b3a114a006b639304c2af • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

02 Jun 2021 — A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.5 • EPSS: 1% • CPEs: 2 • EXPL: 1

02 Jun 2021 — A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Jun 2021 — A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. • https://bugzilla.redhat.com/show_bug.cgi?id=1939614 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 6.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

02 Jun 2021 — The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. • https://bugzilla.suse.com/show_bug.cgi?id=1145642 • CWE-476: NULL Pointer Dereference

CVSS: 7.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

02 Jun 2021 — lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. • http://www.ohse.de/uwe/software/lrzsz.html • CWE-190: Integer Overflow or Wraparound

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

02 Jun 2021 — Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is... • http://listes.entrouvert.com/arc/lasso • CWE-345: Insufficient Verification of Data Authenticity • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 6.5 • EPSS: 1% • CPEs: 2 • EXPL: 1

01 Jun 2021 — A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-401: Missing Release of Memory after Effective Lifetime