CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2859
https://notcve.org/view.php?id=CVE-2022-2859
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. Un uso de memoria previamente liberada en Chrome OS Shell en Google Chrome versiones anteriores a 104.0.5112.101, permitía que un atacante remoto que convenciera a un usuario de participar en interacciones específicas de la Interfaz de Usuario pudiera explotar la corrupción de la pila por medio de interacciones específicas de la Interfaz de Usuario. • https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1338412 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-3016 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3016
Use After Free in GitHub repository vim/vim prior to 9.0.0286. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0286 • https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-38791 – mariadb: compress_write() fails to release mutex on failure
https://notcve.org/view.php?id=CVE-2022-38791
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. En MariaDB versiones anteriores a 10.9.2, la función compress_write en el archivo extra/mariabackup/ds_compress.cc no libera data_mutex tras un fallo de escritura en el flujo, lo que permite a usuarios locales desencadenar un bloqueo. • https://jira.mariadb.org/browse/MDEV-28719 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY https://security.netapp.com/advisory/ntap-20221104-0008 https://access.redhat.com/security/cve/CVE-2022-38791 https://b • CWE-667: Improper Locking •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3574
https://notcve.org/view.php?id=CVE-2021-3574
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. Se encontró una vulnerabilidad en ImageMagick versión 7.0.11-5, donde al ejecutar un archivo diseñado con el comando convert, ASAN detecta pérdidas de memoria. • https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9 https://github.com/ImageMagick/ImageMagick/issues/3540 https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792 https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Q6MJAMGHGB552KSFTQKXEKJVQNM4MCT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5C6XAGUFPUF4SNVCI2T4OJK3EFIENBGP https:/& • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 2CVE-2022-0216
https://notcve.org/view.php?id=CVE-2022-0216
A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en la emulación del adaptador de bus de host LSI53C895A SCSI de QEMU. El fallo es producido mientras son procesados mensajes repetidos para cancelar la petición SCSI actual por medio de la función lsi_do_msgout. • https://access.redhat.com/security/cve/CVE-2022-0216 https://bugzilla.redhat.com/show_bug.cgi?id=2036953 https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc4 https://gitlab.com/qemu-project/qemu/-/issues/972 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTY7TVHX62OJWF6IOBCIGLR2N5K4QN3E https://starlabs.sg/advisories/22/22-0216 • CWE-416: Use After Free •