Page 118 of 703 results (0.017 seconds)

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-26495

https://notcve.org/view.php?id=CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. En nbd-server en nbd versiones anteriores a 3.24, se presenta un desbordamiento de enteros con un desbordamiento de búfer en la región heap de la memoria resultante. Un valor de 0xffffff en el campo de longitud del nombre causará que se asigne un búfer de tamaño cero para el nombre, resultando en una escritura en un puntero colgante. • https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html https://lists.debian.org/nbd/2022/01/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 https://security.gentoo.org/glsa/202402-10 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-26496 – Shannon Baseband fmtp SDP Attribute Memory Corruption

https://notcve.org/view.php?id=CVE-2022-26496

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name. En nbd-server en nbd versiones anteriores a 3.24, se presenta un desbordamiento del búfer en la región stack de la memoria. Un atacante puede causar un desbordamiento de búfer en el análisis del campo name enviando un mensaje NBD_OPT_INFO o NBD_OPT_GO diseñado con un valor grande como longitud del nombre Shannon Baseband suffers from a memory corruption vulnerability that occurs when the baseband modem processes SDP when setting up a call. When an fmtp attribute is parsed, the integer that represents the payload type is copied into an 8-byte buffer using memcpy with the length of payload type as the length parameter. • http://packetstormsecurity.com/files/172148/Shannon-Baseband-fmtp-SDP-Attribute-Memory-Corruption.html https://lists.debian.org/nbd/2022/01/msg00036.html https://lists.debian.org/nbd/2022/01/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 8%CPEs: 5EXPL: 1

CVE-2022-24724 – Integer overflow in table parsing extension leads to heap memory corruption

https://notcve.org/view.php?id=CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. • http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.html https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CYUU662VO6CCXQKVZVOHXX3RGIF2DLQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7V3HAM5H6YFJG2QFEXACZR3XVWFTXTC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KH4UQA6VWVZU5EW3HNEAB7D7BTCNJSJ2 https://lists.fedorapro • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-0730

https://notcve.org/view.php?id=CVE-2022-0730

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Bajo determinadas condiciones de ldap, la autenticación de Cacti puede ser omitida con determinados tipos de credenciales • https://github.com/Cacti/cacti/issues/4562 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJ • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-21716 – Buffer Overflow in Twisted

https://notcve.org/view.php?id=CVE-2022-21716

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. • https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-770: Allocation of Resources Without Limits or Throttling •