NotCVE - vendor:"Fedoraproject" product:"Fedora" version:"37"

Page 115 of 693 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2022-32743

https://notcve.org/view.php?id=CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Samba no comprueba el derecho Validated-DNS-Host-Name para el atributo dNSHostName, lo que podría permitir a usuarios no privilegiados escribirlo • https://bugzilla.samba.org/show_bug.cgi?id=14833 https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTTOLTHUHOV4SHCHCB5TAA4FQVJAWN4P https://security.gentoo.org/glsa/202309-06 • CWE-276: Incorrect Default Permissions •

CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-3028 – kernel: race condition in xfrm_probe_algs can lead to OOB read/write

https://notcve.org/view.php?id=CVE-2022-3028

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. Se ha encontrado una condición de carrera en el marco IP del kernel de Linux para la transformación de paquetes (subsistema XFRM) cuando son producidas simultáneamente varias llamadas a xfrm_probe_algs. Este fallo podría permitir a un atacante local desencadenar potencialmente una escritura fuera de límites o una pérdida de memoria de la pila del kernel al llevar a cabo una lectura fuera de límites y copiarla en un socket • https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-3037 – Use After Free in vim/vim

https://notcve.org/view.php?id=CVE-2022-3037

Use After Free in GitHub repository vim/vim prior to 9.0.0322. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0322. • https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-38784 – poppler: integer overflow in JBIG2 decoder using malformed files

https://notcve.org/view.php?id=CVE-2022-38784

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. Poppler versiones anteriores a 22.08.0 incluyéndola, contiene un desbordamiento de enteros en el descodificador JBIG2 (la función JBIG2Stream::readTextRegionSeg() en el archivo JBIGStream.cc). El procesamiento de un archivo PDF o una imagen JBIG2 especialmente diseñados podría conllevar a un bloqueo o una ejecución de código arbitrario. • http://www.openwall.com/lists/oss-security/2022/09/02/11 https://github.com/jeffssh/CVE-2021-30860 https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6 https://lists.fedoraproject&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2

CVE-2022-35016

https://notcve.org/view.php?id=CVE-2022-35016

Advancecomp v2.3 was discovered to contain a heap buffer overflow. Se ha detectado que Advancecomp versión v2.3, contiene un desbordamiento del búfer de la pila • https://drive.google.com/file/d/1oWVhoJJih6-pgbvrZsx5oFUtv-vgR0fF/view?usp=sharing https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE • CWE-787: Out-of-bounds Write •

1...113 114 115 116 117