CVE-2022-2598 – Out-of-bounds Write to API in vim/vim
https://notcve.org/view.php?id=CVE-2022-2598
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. Undefined Behavior for Input to API in the GitHub repository vim/vim, versions prior to 9.0.0100 • https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html • CWE-787: Out-of-bounds Write
CVE-2022-34526
https://notcve.org/view.php?id=CVE-2022-34526
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. • https://gitlab.com/libtiff/libtiff/-/issues/433 https://gitlab.com/libtiff/libtiff/-/issues/486 https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ https://security.netapp.com/advisory/ntap-20220930-0002 https://www.debian.org/security/2023/dsa-5333 • CWE-787: Out-of-bounds Write
CVE-2022-30287
https://notcve.org/view.php?id=CVE-2022-30287
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. • https://blog.sonarsource.com/horde-webmail-rce-via-email https://lists.debian.org/debian-lts-announce/2022/08/msg00022.html https://www.horde.org/apps/webmail • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-502: Deserialization of Untrusted Data
CVE-2022-1184 – kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
https://notcve.org/view.php?id=CVE-2022-1184
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2022-1184 https://bugzilla.redhat.com/show_bug.cgi?id=2070205 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://ubuntu.com/security/CVE-2022-1184 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free
CVE-2022-2553 – booth: authfile directive in booth config file is completely ignored.
https://notcve.org/view.php?id=CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key is not prevented from communicating with other nodes in the cluster. • https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD https://www.debian.org/security/2022/dsa-5194 https://access.redhat.com/security/cve/CVE-2022-2553 https://bugzilla.redhat.com/show_bug.cgi?id=2109251 • CWE-287: Improper Authentication