
CVE-2022-0562 – libtiff: Null source pointer leads to Denial of Service via crafted TIFF file
https://notcve.org/view.php?id=CVE-2022-0562
11 Feb 2022 — A null source pointer passed as an argument to the memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions 4.0 through 4.3.0 could lead to denial of service via a crafted TIFF file. For users who compile libtiff from source, a fix is available in commit 561599c. • https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b • CWE-476: NULL Pointer Dereference •

CVE-2022-0554 – Use of Out-of-range Pointer Offset in vim/vim
https://notcve.org/view.php?id=CVE-2022-0554
10 Feb 2022 — Use of an out-of-range pointer offset in the GitHub repository vim/vim prior to 8.2. A flaw was found in vim that causes an out-of-range pointer offset vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and e... • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-823: Use of Out-of-range Pointer Offset •

CVE-2022-0487 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-0487
04 Feb 2022 — A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. Through this flaw, a local attacker with user privileges may impact system confidentiality. This flaw affects kernel versions prior to 5.14 rc1. • https://bugzilla.redhat.com/show_bug.cgi?id=2044561 • CWE-416: Use After Free •

CVE-2022-23947 – Debian Security Advisory 5214-1
https://notcve.org/view.php?id=CVE-2022-23947
04 Feb 2022 — A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://lists.debian.org/debian-lts-announce/2022/05/msg00009.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-23946 – Debian Security Advisory 5214-1
https://notcve.org/view.php?id=CVE-2022-23946
04 Feb 2022 — A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. • https://lists.debian.org/debian-lts-announce/2022/05/msg00009.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2021-46671 – Ubuntu Security Notice USN-6334-1
https://notcve.org/view.php?id=CVE-2021-46671
04 Feb 2022 — options.c in atftp before 0.7.5 reads past the end of an array and consequently discloses server-side /etc/group data to a remote client. Peter Wang discovered that atftp did not properly manage certain inputs. A remote attacker could send a specially crafted tftp request to the server to cause a crash. Andreas B. Mundt discov... • https://bugs.debian.org/1004974 • CWE-125: Out-of-bounds Read •

CVE-2022-24448 – kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR
https://notcve.org/view.php?id=CVE-2022-24448
04 Feb 2022 — An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 • CWE-755: Improper Handling of Exceptional Conditions CWE-908: Use of Uninitialized Resource •

CVE-2021-3752 – kernel: possible use-after-free in bluetooth module
https://notcve.org/view.php?id=CVE-2021-3752
03 Feb 2022 — A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way a user calls connect and disconnect on the socket simultaneously, due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVE-2021-20322 – kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
https://notcve.org/view.php?id=CVE-2021-20322
03 Feb 2022 — A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel was found to allow quick scanning of open UDP ports. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 • CWE-330: Use of Insufficiently Random Values •

CVE-2022-21724 – Unchecked Class Instantiation when providing Plugin Classes
https://notcve.org/view.php?id=CVE-2022-21724
02 Feb 2022 — pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database during security research. A system using the PostgreSQL library can be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based on class names provided via the `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory` and `sslpasswordcallback` connection properties. However, the driver did not verify if the class implemen... • https://github.com/ToontjeM/CVE-2022-21724 • CWE-665: Improper Initialization •