CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2022-22728 – libapreq2 multipart form parse memory corruption
https://notcve.org/view.php?id=CVE-2022-22728
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. Un fallo en Apache libapreq2 versiones 2.16 y anteriores, podría causar un desbordamiento de búfer mientras son procesadas cargas de formularios multiparte. Un atacante remoto podría enviar una solicitud que causara un bloqueo del proceso, lo que podría conllevar a un ataque de denegación de servicio. • http://www.openwall.com/lists/oss-security/2022/08/25/3 http://www.openwall.com/lists/oss-security/2022/08/25/4 http://www.openwall.com/lists/oss-security/2022/08/26/4 http://www.openwall.com/lists/oss-security/2022/12/29/1 http://www.openwall.com/lists/oss-security/2022/12/30/4 http://www.openwall.com/lists/oss-security/2022/12/31/1 http://www.openwall.com/lists/oss-security/2022/12/31/5 http://www.openwall.com/lists/oss-security/2023 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38533
https://notcve.org/view.php?id=CVE-2022-38533
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. En GNU Binutils versiones anteriores a 2.4.0, se presenta un desbordamiento del búfer de la pila en la función de error bfd_getl32 cuando es llamada desde la función strip_main en strip-new por medio de un archivo diseñado. • https://github.com/bminor/binutils-gdb/commit/45d92439aebd0386ef8af76e1796d08cfe457e1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ https://security.gentoo.org/glsa/202309-15 https://security.netapp.com/advisory/ntap-20221104-0007 https://sourceware.org/bugzilla/show_bug.cgi?id=29482 https://sourceware.org/bugzilla/show_bug.cgi?id& • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2980 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2022-2980
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. Una Desreferencia de Puntero NULL en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0259. • https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL https://security.gentoo.org/glsa/202305-16 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-2982 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-2982
Use After Free in GitHub repository vim/vim prior to 9.0.0260. Un Uso De Memoria Previamente Liberada en el repositorio de GitHub vim/vim versiones anteriores a 9.0.0260. • https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL https://security.gentoo.org/glsa/202305-16 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-25761 – Denial of Service (DoS)
https://notcve.org/view.php?id=CVE-2022-25761
The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. El paquete open62541/open62541 versiones anteriores a 1.2.5, a partir de la 1.3-rc1 y anteriores a 1.3.1, son vulnerables a una Denegación de Servicio (DoS) debido a una falta de limitación del número de chunks recibidos - por sesión única o en total para todas las sesiones concurrentes. Un atacante puede explotar esta vulnerabilidad mediante el envío de un número ilimitado de chunks enormes (por ejemplo, 2GB cada uno) sin enviar el chunk de cierre Final. • https://github.com/open62541/open62541/commit/b79db1ac78146fc06b0b8435773d3967de2d659c https://github.com/open62541/open62541/pull/5173 https://github.com/open62541/open62541/releases/tag/v1.2.5 https://github.com/open62541/open62541/releases/tag/v1.3.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNUV4FDVDBQHCPMOOEVKLMQK5SLKPK2L https://security.snyk.io/vuln/SNYK-UNMANAGED-OPEN62541OPEN62541-2988719 • CWE-770: Allocation of Resources Without Limits or Throttling •