CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41649 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-41649
22 Dec 2022 — A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de lectura fuera de los límites en el manejo de datos IPTC al analizar imágenes TIFF en OpenImageIO v2.3.19.0. Un archivo TIFF especialmente manipulado puede provocar u... • https://lists.debian.org/debian-lts-announce/2023/08/msg00005.html • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36354 – Debian Security Advisory 5384-1
https://notcve.org/view.php?id=CVE-2022-36354
22 Dec 2022 — A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de lectura fuera de los límites en el analizador de formato RLA de OpenImageIO master-branch-9ae... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629 • CWE-193: Off-by-one Error •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23537 – PJSIP vulnerable to heap buffer overflow when decoding STUN message
https://notcve.org/view.php?id=CVE-2022-23537
20 Dec 2022 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1). PJSIP es una librería de comunicación multimedia gratuita y de código abierto escrita en leng... • https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4515 – ctags: arbitrary command execution via a tag file with a crafted filename
https://notcve.org/view.php?id=CVE-2022-4515
20 Dec 2022 — A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. Se encontró una falla en Exuberant Ctags en la forma en que maneja la opción "-o". Esta opción especifica el nombre del archivo de etiqueta. • https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2022-47629 – libksba: integer overflow to code execution
https://notcve.org/view.php?id=CVE-2022-47629
20 Dec 2022 — Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Libksba anterior a 1.6.3 es propenso a sufrir una vulnerabilidad de desbordamiento de enteros en el analizador de firmas CRL. A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. The... • https://dev.gnupg.org/T6284 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47518 – Ubuntu Security Notice USN-5950-1
https://notcve.org/view.php?id=CVE-2022-47518
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación del número de canales en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador inalámbrico WILC1000 pue... • https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47519 – Ubuntu Security Notice USN-5950-1
https://notcve.org/view.php?id=CVE-2022-47519
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de IEEE80211_P2P_ATTR_OPER_CHANNEL en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador inalámbrico ... • https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47520 – Ubuntu Security Notice USN-5939-1
https://notcve.org/view.php?id=CVE-2022-47520
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de compensación en drivers/net/wireless/microchip/wilc1000/hif.c en el controlador inalámbrico WILC1000 puede desencadenar una lectura ... • https://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47521 – Ubuntu Security Notice USN-5950-1
https://notcve.org/view.php?id=CVE-2022-47521
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de IEEE80211_P2P_ATTR_CHANNEL_LIST en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador i... • https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-46871 – Mozilla: libusrsctp library out of date
https://notcve.org/view.php?id=CVE-2022-46871
15 Dec 2022 — An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. The Mozilla Foundation Security Advisory describes this flaw as: An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. • https://bugzilla.mozilla.org/show_bug.cgi?id=1795697 • CWE-1104: Use of Unmaintained Third Party Components •