Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2021-33054 Improper Verification of Cryptographic Signature vulnerability in multiple products
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives.
network
low complexity
inverse debian CWE-347
5.0
2021-06-02 CVE-2020-22054 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c.
network
low complexity
ffmpeg debian CWE-401
6.5
2021-06-02 CVE-2015-1877 Command Injection vulnerability in multiple products
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
6.8
2021-06-02 CVE-2020-22046 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.
4.3
2021-06-02 CVE-2020-22048 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c.
4.3
2021-06-02 CVE-2020-22049 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c.
network
low complexity
ffmpeg debian CWE-401
6.5
2021-06-02 CVE-2021-3468 Infinite Loop vulnerability in multiple products
A flaw was found in avahi in versions 0.6 up to 0.8.
local
low complexity
avahi debian CWE-835
5.5
2021-06-02 CVE-2021-3544 Memory Leak vulnerability in multiple products
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
local
low complexity
qemu debian CWE-401
6.5
2021-06-02 CVE-2021-3545 Use of Uninitialized Resource vulnerability in multiple products
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0.
local
low complexity
qemu debian CWE-908
6.5
2021-06-01 CVE-2020-22044 Memory Leak vulnerability in multiple products
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c.
4.3