In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.