CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35531
https://notcve.org/view.php?id=CVE-2020-35531
In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función get_huffman_diff() (libraw\src\x3f\x3f_utils_patched.cpp) cuando son leídos datos de un archivo de imagen • https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 https://github.com/LibRaw/LibRaw/issues/270 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-35532
https://notcve.org/view.php?id=CVE-2020-35532
In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. En LibRaw, se presenta una vulnerabilidad de lectura fuera de límites dentro de la función "simple_decode_row()" (libraw\src\x3f\x3f_utils_patched.cpp) que puede desencadenarse por medio de una imagen con un campo row_stride grande • https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e https://github.com/LibRaw/LibRaw/issues/271 https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 2CVE-2022-2663 – kernel: netfilter: nf_conntrack_irc message handling issue
https://notcve.org/view.php?id=CVE-2022-2663
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. Se ha encontrado un problema en el kernel de Linux en la función nf_conntrack_irc en el que el manejo de los mensajes puede confundirse y hacerlos coincidir incorrectamente. Se ha encontrado un problema en el kernel de Linux en nf_conntrack_irc donde el manejo de mensajes puede confundirse y coincidir incorrectamente con el mensaje A flaw was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and it incorrectly matches on the message. An attacker could exploit this vulnerability to bypass firewall when users are using unencrypted IRC with nf_conntrack_irc configured. • https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T https://www.debian.org/security/2022/dsa-5257 https://www.openwall.com/lists/oss-security/2022/08/30/1 https://www.youtube.com/watch?v=WIq-YgQuYCA https://access.redhat.com/security/cve/CVE-2022-2663 h • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2996 – python-scciclient: missing server certificate verification
https://notcve.org/view.php?id=CVE-2022-2996
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. Se encontró un fallo en python-scciclient cuando es realizada una conexión HTTPS a un servidor en el que no es verificado el certificado del servidor. Este problema abre la conexión a posibles ataques de tipo Man-in-the-middle (MITM) • https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c https://access.redhat.com/security/cve/CVE-2022-2996 https://bugzilla.redhat.com/show_bug.cgi?id=2115122 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3061
https://notcve.org/view.php?id=CVE-2022-3061
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. Se ha encontrado un fallo en el Kernel de Linux en el controlador i740. El programa de espacio de usuario podía pasar cualquier valor al controlador mediante la interfaz ioctl(). • https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-369: Divide By Zero •