CVSS: 9.9EPSS: 18%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de Samba usa atributos de archivo extendidos (EA, xattr) para proporcionar "...compatibilidad mejorada con los clientes SMB de Apple e interoperabilidad con un servidor de archivos AFP de Netatalk 3". Samba versiones anteriores a 4.13.17, 4.14.12 y 4.15.5 con vfs_fruit configurado permiten una lectura y escritura fuera de límites de la pila por medio de atributos de archivo extendidos especialmente diseñados. • https://github.com/horizon3ai/CVE-2021-44142 https://github.com/gudyrmik/CVE-2021-44142 https://github.com/hrsman/Samba-CVE-2021-44142 https://bugzilla.samba.org/show_bug.cgi?id=14914 https://kb.cert.org/vuls/id/119678 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-44142.html https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin https://access.redhat&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 3CVE-2022-24130
https://notcve.org/view.php?id=CVE-2022-24130
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. xterm versiones hasta el Parche 370, cuando el soporte Sixel está habilitado, permite a atacantes desencadenar un desbordamiento de búfer en el archivo set_sixel en graphics_sixel.c por medio de texto diseñado • https://invisible-island.net/xterm/xterm.log.html https://lists.debian.org/debian-lts-announce/2022/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP5Y4O7WBNLV24D22E6LE7RQFYOUVD2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4CWYYEBT6AJRJBBQU2KLUOQDHRM7WAV https://security.gentoo.org/glsa/202208-22 https://twitter.com/nickblack/status/1487731459398025216 https://www.openwall.com/lists/oss-security/2022/01/30/ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0413 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2022-0413
Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio GitHub vim/vim anterior a la versión 8.2. A flaw was found in vim. The vulnerability occurs due to using freed memory when the substitute uses a recursive function call, resulting in a use-after-free vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. • https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0408 – Stack-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2022-0408
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Desbordamiento de búfer basado en la pila en el repositorio de GitHub vim/vim anterior a la versión 8.2. • https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2021-46659 – mariadb: Crash executing query with VIEW, aggregate and subquery
https://notcve.org/view.php?id=CVE-2021-46659
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. MariaDB versiones anteriores a 10.7.2 permite un bloqueo de la aplicación porque no reconoce que SELECT_LEX::nest_level es local a cada VIEW • https://jira.mariadb.org/browse/MDEV-25631 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO https://mariadb.com/kb/en/security https://security.netapp.com/advisory/ntap-20220311-0003 https://access.redhat.com/s • CWE-20: Improper Input Validation •