
CVE-2022-23608 – Use after free in PJSIP
https://notcve.org/view.php?id=CVE-2022-23608
22 Feb 2022 — PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1, when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior su... • http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html • CWE-416: Use After Free •

CVE-2022-0714 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0714
22 Feb 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2022-25375 – Ubuntu Security Notice USN-5417-1
https://notcve.org/view.php?id=CVE-2022-25375
20 Feb 2022 — An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. • https://github.com/szymonh/rndis-co • CWE-1284: Improper Validation of Specified Quantity in Input •

CVE-2022-0685 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-0685
20 Feb 2022 — Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS. It was discovered that Vim was using freed memory when dealing with regular expressions ... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-823: Use of Out-of-range Pointer Offset •

CVE-2022-0543 – Debian-specific Redis Server Lua Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-0543
18 Feb 2022 — It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability... • https://packetstorm.news/files/id/166885 • CWE-862: Missing Authorization •

CVE-2022-23804 – Debian Security Advisory 5214-1
https://notcve.org/view.php?id=CVE-2022-23804
16 Feb 2022 — A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. ... • https://lists.debian.org/debian-lts-announce/2022/05/msg00009.html • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2022-23803 – Debian Security Advisory 5214-1
https://notcve.org/view.php?id=CVE-2022-23803
16 Feb 2022 — A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. ... • https://lists.debian.org/debian-lts-announce/2022/05/msg00009.html • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2022-0617 – kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback
https://notcve.org/view.php?id=CVE-2022-0617
16 Feb 2022 — A NULL pointer dereference flaw was found in the Linux kernel's UDF file system functionality, in the way a user triggers the udf_file_write_iter function for a malicious UDF image. A local user could use this flaw to crash the system. Present from Linux kernel 4.2-rc1 until 5.17-rc2. ... • http://www.openwall.com/lists/oss-security/2022/04/13/2 • CWE-476: NULL Pointer Dereference •

CVE-2022-25258 – Ubuntu Security Notice USN-5417-1
https://notcve.org/view.php?id=CVE-2022-25258
16 Feb 2022 — An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. ... • https://github.com/szymonh/d-os-descriptor • CWE-476: NULL Pointer Dereference •

CVE-2021-43299 – Debian Security Advisory 5285-1
https://notcve.org/view.php?id=CVE-2021-43299
16 Feb 2022 — Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. Multiple security vulnerabilities ha... • https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write •