CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2022-24790 – HTTP Request Smuggling in puma
https://notcve.org/view.php?id=CVE-2022-24790
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. • https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9 https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-1160 – heap buffer overflow in get_one_sourceline in vim/vim
https://notcve.org/view.php?id=CVE-2022-1160
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. Un desbordamiento de búfer de la pila en get_one_sourceline en el repositorio de GitHub vim/vim versiones anteriores a 8.2.4647 • https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2CQXRLBIC4S7JQVEIN5QXKQPYWB5E3J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAIQTUO35U5WO2NYMY47637EMCVDJRSL https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/202305-16 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28202
https://notcve.org/view.php?id=CVE-2022-28202
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. Se ha detectado un problema de tipo XSS en MediaWiki versiones anteriores a 1.35.6, versiones 1.36.x anteriores a 1.36.4 y versiones 1.37.x anteriores a 1.37.2. Las propiedades widthheight, widthheightpage y nbytes de los mensajes no son escapadas cuando son usadas en galerías o en Special:RevisionDelete • https://lists.debian.org/debian-lts-announce/2022/09/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PT4CHJKOQOVMI65TSNZRNV6FIWU7SGZD https://phabricator.wikimedia.org/T297543 https://security.gentoo.org/glsa/202305-24 https://www.debian.org/security/2022/dsa-5246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1122 – openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
https://notcve.org/view.php?id=CVE-2022-1122
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. Se ha encontrado un fallo en el programa opj2_decompress de openjpeg2 versión 2.4.0, en la forma en que maneja un directorio de entrada con un gran número de archivos. Cuando no asigna un búfer para almacenar los nombres de los archivos del directorio de entrada, llama a free() sobre un puntero no inicializado, conllevando a un fallo de segmentación y una denegación de servicio A flaw was found in the opj2_decompress program in openjpeg2 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. • https://github.com/uclouvain/openjpeg/issues/1368 https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4 https://security.gentoo.org/glsa/202209-04 https: • CWE-665: Improper Initialization CWE-824: Access of Uninitialized Pointer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26280 – libarchive: an out-of-bounds read via the component zipx_lzma_alone_init
https://notcve.org/view.php?id=CVE-2022-26280
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Se ha detectado que Libarchive versión v3.6.0, contiene una lectura fuera de límites por medio del componente zipx_lzma_alone_init An out-of-bounds read flaw was found in libarchive. This flaw allows an attacker who can supply a specially crafted zip file to libarchive to cause an out-of-bounds read in programs linked with libarchive, using the LZMA zip functionality. The consequences depend on the specific program linked with libarchive. Still, they would most likely result in an application crash or information disclosure that could be used in conjunction with another exploit. • https://github.com/libarchive/libarchive/issues/1672 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBYGJICQ7FKDZ2IIOAH423IHWQ6MNONQ https://security.gentoo.org/glsa/202208-26 https://access.redhat.com/security/cve/CVE-2022-26280 https://bugzilla.redhat.com/show_bug.cgi?id=2071931 • CWE-125: Out-of-bounds Read •