CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 1CVE-2020-20451
https://notcve.org/view.php?id=CVE-2020-20451
25 May 2021 — Denial of Service issue in FFmpeg 4.2 due to resource management errors via fftools/cmdutils.c. Un Problema de Denegación de Servicio en FFmpeg versión 4.2, debido a errores de administración de recursos por medio del archivo fftools/cmdutils.c • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20446 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20446
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. FFmpeg versión 4.2 está afectado por un problema Divide By Zero por medio del archivo libavcodec/aacpsy.c, que permite a un usuario malicioso remoto causar una Denegación de Servicio Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/s... • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-20445 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-20445
25 May 2021 — FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. It was discovered that FFmpeg incorrectly handled certain input. • https://lists.debian.org/debian-lts-announce/2021/11/msg00012.html • CWE-369: Divide By Zero •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-21041 – Debian Security Advisory 4990-1
https://notcve.org/view.php?id=CVE-2020-21041
24 May 2021 — Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service Una vulnerabilidad de Desbordamiento de Búfer se presenta en FFmpeg versión 4.1, por medio de la función apng_do_inverse_blend en la biblioteca libavcodec/pngenc.c, que podría permitir a un usuario malicioso remoto causar una Denegación de Servicio It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Codin... • https://lists.debian.org/debian-lts-announce/2021/08/msg00018.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0CVE-2020-26558 – bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack
https://notcve.org/view.php?id=CVE-2020-26558
24 May 2021 — Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value o... • https://kb.cert.org/vuls/id/799380 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36330 – libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c
https://notcve.org/view.php?id=CVE-2020-36330
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkVerifyAndAssign. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36329 – libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
https://notcve.org/view.php?id=CVE-2020-36329
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró un uso de la memoria previamente liberada debido a que un subproceso se eliminó demasiado pronto. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36328 – libwebp: heap-based buffer overflow in WebPDecode*Into functions
https://notcve.org/view.php?id=CVE-2020-36328
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Un desbordamiento del búfer en la región heap de la memoria en la función WebPDecodeRGBInto es posible debido a una verificación no válida del tamaño del búfer. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 2CVE-2021-33477 – Gentoo Linux Security Advisory 202209-07
https://notcve.org/view.php?id=CVE-2021-33477
20 May 2021 — rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. rxvt-unicode versión 9.22, rxvt versión 2.7.10, mrxvt versión 0.5.4 y Eterm versión 0.9.7 permiten una ejecución de código (potencialmente remoto) debido al manejo inapropiado de determinadas secuencias de escape (ESC GQ). Una respuesta es terminada con una nueva línea A vulnerability has been di... • http://cvs.schmorp.de/rxvt-unicode/Changes?view=log • CWE-755: Improper Handling of Exceptional Conditions •