CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0943 – Heap-based Buffer Overflow occurs in vim in vim/vim
https://notcve.org/view.php?id=CVE-2022-0943
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. Se produce un desbordamiento del búfer basado en Heap en vim en el repositorio de GitHub vim/vim anterior a 8.2.4563 A heap buffer overflow flaw was found in vim's suggest_try_change() function of the spellsuggest.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap-overflow and causing an application to crash, which leads to a denial of service. • http://seclists.org/fulldisclosure/2022/Oct/28 http://seclists.org/fulldisclosure/2022/Oct/41 https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3R36VSLO4TRX72SWB6IDJOD24BQXPX2 https://lists.fedoraproject& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-26981
https://notcve.org/view.php?id=CVE-2022-26981
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Liblouis versiones hasta 3.21.0, presenta un desbordamiento de búfer en compilePassOpcode en el archivo compileTranslationTable.c (llamado, indirectamente, por el archivo tools/lou_checktable.c) • http://seclists.org/fulldisclosure/2022/Jul/12 http://seclists.org/fulldisclosure/2022/Jul/15 http://seclists.org/fulldisclosure/2022/Jul/16 http://seclists.org/fulldisclosure/2022/Jul/18 https://github.com/liblouis/liblouis/issues/1171 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFD2KIHESDUCNWTEW3USFB5GKTWT624L https://security.gentoo.org/glsa/202301-06 https://support.apple.com/kb/HT213340 https://support.apple.com/kb/HT213342 https://sup • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-0860 – Improper Authorization in cobbler/cobbler
https://notcve.org/view.php?id=CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. Una Autorización Inapropiada en el repositorio GitHub cobbler/cobbler versiones anteriores a 3.3.2 • https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0907
https://notcve.org/view.php?id=CVE-2022-0907
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. Un Valor de Retorno no Comprobado a una Desreferencia de Puntero NULL in tiffcrop in libtiff versión 4.3.0 permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff desde las fuentes, la corrección está disponible con el commit f2b656e2 • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json https://gitlab.com/libtiff/libtiff/-/issues/392 https://gitlab.com/libtiff/libtiff/-/merge_requests/314 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2 https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory • CWE-252: Unchecked Return Value •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0909 – tiff: Divide By Zero error in tiffcrop
https://notcve.org/view.php?id=CVE-2022-0909
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. Un error de División por cero en tiffcrop en libtiff versión 4.3.0 permite a atacantes causar una denegación de servicio por medio de un archivo tiff diseñado. Para usuarios que compilan libtiff a partir de fuentes, la corrección está disponible con el commit f8d0f9aa A floating-point exception (FPE) flaw was found in LibTIFF’s computeOutputPixelOffsets() function in tiffcrop.c file. This flaw allows an attacker with a crafted TIFF file to trigger a divide-by-zero error, causing a crash that leads to a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json https://gitlab.com/libtiff/libtiff/-/issues/393 https://gitlab.com/libtiff/libtiff/-/merge_requests/310 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2 https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory • CWE-369: Divide By Zero •