CVE-2022-3297 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3297
Use After Free in GitHub repository vim/vim prior to 9.0.0579. • https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVE-2022-41322
https://notcve.org/view.php?id=CVE-2022-41322
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. • https://bugs.gentoo.org/868543 https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX https://security.gentoo.org/glsa/202209-22 https://sw.kovidgoyal.net/kitty/changelog/#detailed-list • CWE-116: Improper Encoding or Escaping of Output •
CVE-2022-3278 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-3278
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. • https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI https://security.gentoo.org/glsa/202305-16 • CWE-476: NULL Pointer Dereference •
CVE-2022-40188
https://notcve.org/view.php?id=CVE-2022-40188
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. • https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1343#note_262558 https://lists.debian.org/debian-lts-announce/2022/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMDNIUI7GTUEKIBBYYW7OCTJQFPDNXL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2VE5K3VDUHJOIA2IGT3G5R76IBADMNE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO6LIVQS62MI5GG4OVYB5RHVZMYNHAHG • CWE-407: Inefficient Algorithmic Complexity •
CVE-2022-35951 – Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
https://notcve.org/view.php?id=CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. • https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C https://security.gentoo.org/glsa/202209-17 https://security.netapp.com/advisory/ntap-20221020-0005 • CWE-190: Integer Overflow or Wraparound •