CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2020-22015 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-22015
26 May 2021 — Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. Una vulnerabilidad de Desbordamiento del Búfer en FFmpeg versión 4.2 en la función mov_write_video_tag debido al fuera de límites del archivo libavformat/movenc.c, que podría permitir a un usuario malicioso remoto obtener información confidencial, causar una Denegación d... • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 2CVE-2020-25671 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2020-25671
26 May 2021 — A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. Se encontró una vulnerabilidad en el Kernel de Linux, donde un filtrado de refcount en la función llcp_sock_connect() causa un uso de la memoria previamente liberada que podría conllevar a una escaladas de privilegios Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulne... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-416: Use After Free •
CVSS: 8.7EPSS: 0%CPEs: 22EXPL: 2CVE-2021-22543 – Improper memory handling in Linux KVM
https://notcve.org/view.php?id=CVE-2021-22543
26 May 2021 — An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Se detectó un problema en Linux: KVM mediante del manejo inapropiado de Los vmas VM_IO|VM_PFNMAP en KVM pueden omitir unas comprobaciones RO y puede conllevar a que las pági... • https://packetstorm.news/files/id/179984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2021-31808 – squid: integer overflow in HTTP Range header
https://notcve.org/view.php?id=CVE-2021-31808
26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de comprobación de entrada, es vulnerable a ataques de Denegación de Servicio (contra todos los clientes que usan el proxy). • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 8%CPEs: 7EXPL: 1CVE-2021-28651 – squid: denial of service in URN processing
https://notcve.org/view.php?id=CVE-2021-28651
26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-28652 – squid: denial of service issue in Cache Manager
https://notcve.org/view.php?id=CVE-2021-28652
26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.1EPSS: 0%CPEs: 18EXPL: 2CVE-2021-22898 – curl: TELNET stack contents disclosure
https://notcve.org/view.php?id=CVE-2021-22898
26 May 2021 — curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl versiones 7.7 hasta 7.76.1 suf... • http://www.openwall.com/lists/oss-security/2021/07/21/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 6.5EPSS: 82%CPEs: 7EXPL: 1CVE-2021-31806 – squid: improper input validation in HTTP Range header
https://notcve.org/view.php?id=CVE-2021-31806
26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de administración de la memoria, es vulnerable a un ataque de Denegación de Servicio (contra todos los clientes que usan el proxy) por medio del procesamiento de peticiones HTT... • https://packetstorm.news/files/id/180526 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2020-25672 – Ubuntu Security Notice USN-5343-1
https://notcve.org/view.php?id=CVE-2020-25672
25 May 2021 — A memory leak vulnerability was found in Linux kernel in llcp_sock_connect Se encontró una vulnerabilidad de pérdida de memoria en el kernel de Linux en la función llcp_sock_connect Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namesp... • http://www.openwall.com/lists/oss-security/2020/11/01/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20453 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20453
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service FFmpeg versión 4.2 está afectado por un problema de Divide By Zero por medio del archivo libavcodec/aaccoder, que permite a un usuario malicioso remoto causar una Denegación de Servicio It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. T... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •