CVSS: 7.8EPSS: 32%CPEs: 8EXPL: 2CVE-2022-31629 – $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31629
28 Sep 2022 — In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP... • https://github.com/silnex/CVE-2022-31629-poc • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-31628 – phar wrapper can occur dos when using quine gzip file
https://notcve.org/view.php?id=CVE-2022-31628
28 Sep 2022 — In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a s... • https://bugs.php.net/bug.php?id=81726 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2022-39261 – Twig may load a template outside a configured directory when using the filesystem loader
https://notcve.org/view.php?id=CVE-2022-39261
28 Sep 2022 — Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. • https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41556 – Debian Security Advisory 5243-1
https://notcve.org/view.php?id=CVE-2022-41556
28 Sep 2022 — A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. Un filtrado de recursos en el archivo gw_backend.c en lighttpd versiones 1.4.56 hasta 1.4.66, podría conllevar a una denegación de servicio (agotamiento de la ranura de conexión)... • https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-3324 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-3324
27 Sep 2022 — Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Un Desbordamiento del Búfer en la Región Stack de la Memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0598 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handl... • https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3204 – NRDelegation Attack
https://notcve.org/view.php?id=CVE-2022-3204
26 Sep 2022 — A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unrespo... • https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3296 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-3296
25 Sep 2022 — Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. Desbordamiento del búfer en la región Stack de la memoria en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0577. Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected. • https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3297 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3297
25 Sep 2022 — Use After Free in GitHub repository vim/vim prior to 9.0.0579. Un Uso de Memoria Previamente liberada en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0579. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. • https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40188 – Ubuntu Security Notice USN-6225-1
https://notcve.org/view.php?id=CVE-2022-40188
23 Sep 2022 — Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. Knot Resolver versiones anteriores a 5.5.3, permite a atacantes remotos causar una denegación de servicio (consumo de CPU) debido a una complejidad del algoritmo. Durante un ataque, un servidor autoritativo debe devolver grandes conjuntos de NS o conjuntos de direcciones. It was discovered tha... • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3278 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-3278
23 Sep 2022 — NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. Una Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0552. Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected. • https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e • CWE-476: NULL Pointer Dereference •