CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3213 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-3213
19 Sep 2022 — A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Se ha encontrado un problema de desbordamiento del búfer de la pila en ImageMagick. Cuando una aplicación procesa un archivo TIFF malformado, puede conllevar a un comportamiento indefinido o un bloqueo que cause una denegación de servicio Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead... • https://access.redhat.com/security/cve/CVE-2022-3213 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40768 – Ubuntu Security Notice USN-5728-3
https://notcve.org/view.php?id=CVE-2022-40768
18 Sep 2022 — drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. El archivo drivers/scsi/stex.c en el kernel de Linux versiones hasta 5.19.9, permite a usuarios locales obtener información confidencial de la memoria del kernel porque stex_queuecommand_lck carece de memset para el caso PASSTHRU_CMD Jann Horn discovered that the Linux kernel did not properly track memory allocati... • http://www.openwall.com/lists/oss-security/2022/09/19/1 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-3235 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-3235
18 Sep 2022 — Use After Free in GitHub repository vim/vim prior to 9.0.0490. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim versiones anteriores a 9.0.0490 Multiple vulnerabilities have been found in Vim, the worst of which could result in denial of service. Versions less than 9.0.1157 are affected. • https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-3234 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-3234
17 Sep 2022 — Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. Desbordamiento de búfer basado en Heap en el repositorio de GitHub vim/vim anterior a la versión 9.0.0483 It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Vim incorrectly handled memory when opening c... • https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-30674 – Adobe InDesign 2022 Out-of-Bound Read Memory leak
https://notcve.org/view.php?id=CVE-2022-30674
16 Sep 2022 — Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe InDesign versiones 16.4.2 (y anteriores) y 17.3 (y anteriores), están afectadas por una vulnerabilidad de lectura fuera de límites que podría conllevar a u... • https://helpx.adobe.com/security/products/indesign/apsb22-50.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2022-39209 – Uncontrolled Resource Consumption in cmark-gfm
https://notcve.org/view.php?id=CVE-2022-39209
15 Sep 2022 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. • https://en.wikipedia.org/wiki/Time_complexity • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40674 – expat: a use-after-free in the doContent function in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-40674
14 Sep 2022 — libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. libexpat versiones anteriores a 2.4.9, presenta un uso de memoria previamente liberada en la función doContent en el archivo xmlparse.c A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed ... • https://github.com/libexpat/libexpat/pull/629 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-36568
https://notcve.org/view.php?id=CVE-2021-36568
13 Sep 2022 — In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. En determinados productos Moodle después de crear un curso, es posible añadir en un "Topic" arbitrario un recurso, en este caso una "Database" con el tipo "Text" donde sus valores "Field na... • https://blog.hackingforce.com.br/en/cve-2021-36568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2022-38013 – .NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-38013
13 Sep 2022 — .NET Core and Visual Studio Denial of Service Vulnerability Una vulnerabilidad de Denegación de Servicio en .NET Core and Visual Studio .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.109 and Runtime 6.0.9. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2CUL3Z7MEED7RFQZVGQL2MTKSFFZKAAY • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-32886 – webkitgtk: buffer overflow issue was addressed with improved memory handling
https://notcve.org/view.php?id=CVE-2022-32886
13 Sep 2022 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorado. Este problema es corregido en Safari versión 16, iOS versión 16, iOS versión 15.7 y iPadOS versión 15.7. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •