CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 2CVE-2022-31626 – mysqlnd/pdo password buffer overflow
https://notcve.org/view.php?id=CVE-2022-31626
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando la extensión pdo_mysql con el controlador mysqlnd, si es permitido que el tercero suministre el host al que conectarse y la contraseña para la conexión, la contraseña de longitud excesiva puede desencadenar un desbordamiento de búfer en PHP, lo que puede conllevar a una vulnerabilidad de ejecución de código remota A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply a MySQL database server password in the mysqlnd driver to the host for the connection, a password of excessive length can trigger a buffer overflow in PHP. This flaw allows a remote attacker to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system. • https://github.com/amitlttwo/CVE-2022-31626 https://bugs.php.net/bug.php?id=81719 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4 https://security.gentoo.org/glsa/202209-20 https://security.netapp.com/advisory/ntap-20220722-0005 https://www.deb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2022-31625 – Freeing unallocated memory in php_pgsql_free_params()
https://notcve.org/view.php?id=CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando es usada la extensión de la base de datos Postgres, el suministro de parámetros no válidos a la consulta parametrizada puede conllevar que PHP intente liberar memoria usando datos no inicializados como punteros. Esto podría conllevar a una vulnerabilidad RCE o una denegación de servicio A vulnerability was found in PHP due to an uninitialized array in pg_query_params() function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. • https://bugs.php.net/bug.php?id=81720 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4 https://security.gentoo.org/glsa/202209-20 https://security.netapp.com/advisory/ntap-20220722-0005 https://www.debian.org/security/2022/dsa-5179 https://acce • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31291
https://notcve.org/view.php?id=CVE-2022-31291
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. Un problema en el archivo dlt_config_file_parser.c de dlt-daemon versión v2.18.8, permite a atacantes causar una doble liberación por medio de paquetes TCP diseñados • https://github.com/COVESA/dlt-daemon/pull/376/commits https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2022-21166 – hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
https://notcve.org/view.php?id=CVE-2022-21166
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta en operaciones específicas de escritura en registros especiales para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio de acceso local A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/06/16/1 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://lists.fedoraproject.org/archives& • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-21127
https://notcve.org/view.php?id=CVE-2022-21127
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta en operaciones específicas de lectura de registros especiales para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio de acceso local • http://www.openwall.com/lists/oss-security/2022/06/16/1 https://security.netapp.com/advisory/ntap-20220624-0008 https://www.debian.org/security/2022/dsa-5178 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html • CWE-459: Incomplete Cleanup •